Agrius G1030 state
🇮🇷 IR
aka Agrius, Pink Sandstorm, AMERICIUM, Agonizing Serpens, BlackShadow
Last updated: 2026-07-03
0 attributed CVEs
30 ATT&CK techniques
0.0 IDF score (tooling uniqueness)
0 exclusive CVEs
— years active
About this actor
[Agrius](https://attack.mitre.org/groups/G1030) is an Iranian threat actor active since 2020 notable for a series of ransomware and wiper operations in the Middle East, with an emphasis on Israeli targets.(Citation: SentinelOne Agrius 2021)(Citation: CheckPoint Agrius 2023) Public reporting has linked [Agrius](https://attack.mitre.org/groups/G1030) to Iran's Ministry of Intelligence and Security (MOIS).(Citation: Microsoft Iran Cyber 2023)
Source: MITRE ATT&CK
Activity timeline
No activity events recorded.
Profile
| CVE | Risk | CVSS | EPSS | Published | Products |
|---|---|---|---|---|---|
| No attributed CVEs. | | | | | |
Mitigating controls (NIST 800-53)
| Control | Techniques covered | Coverage |
|---|---|---|
| SI-4 | 24 / 30 | 80% |
| AC-3 | 21 / 30 | 70% |
| AC-2 | 20 / 30 | 67% |
| AC-6 | 20 / 30 | 67% |
| CM-2 | 20 / 30 | 67% |
| CM-6 | 20 / 30 | 67% |
| AC-5 | 16 / 30 | 53% |
| IA-2 | 15 / 30 | 50% |
| SI-3 | 15 / 30 | 50% |
| CA-7 | 14 / 30 | 47% |
| CM-5 | 13 / 30 | 43% |
| CM-7 | 13 / 30 | 43% |
| RA-5 | 11 / 30 | 37% |
| IA-5 | 9 / 30 | 30% |
| SI-7 | 9 / 30 | 30% |
Co-occurring actors
None.
Similar actors
Similar TTPs
- APT5 0.36
- GALLIUM 0.34
- HomeLand Justice 0.29
- 2016 Ukraine Electric Power Attack 0.29
- APT28 Nearest Neighbor Campaign 0.29
Same nation-state
- HomeLand Justice 1.00
- Outer Space 1.00
- Juicy Mix 1.00
- Cleaver 1.00
- OilRig 1.00
Same category
- Night Dragon 1.00
- FunnyDream 1.00
- C0011 1.00
- Operation Wocao 1.00
- Operation Dream Job 1.00