Curious Serpens
Actor Type | Nation State |
---|---|
Attributed to Nation | Iran |
Directly Linked Intrusion Sets | Peach Sandstorm, Refined Kitten, APT33 |
Associated MITRE ATT&CK Group | APT33 (G0064) |
Curious Serpens (also known as Peach Sandstorm, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN) is a suspected Iranian-affiliated espionage group active since at least 2013. The group has targeted the aerospace and energy sectors in the Middle East, the United States, and Europe.
According to researchers at Palo Alto's Unit 42, the group has been observed using the FalseFont backdoor. FalseFont mimics legitimate human resources software, tricking victims into installing it under the guise of a job recruitment process.
Curious Serpens Threat Reports
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting ...