| SYMBOL | COMMON_NAME | aka. SYNONYMS |
Lyceum is an Iranian APT group that has been active since at least 2014. They primarily target Middle Eastern governments and organizations in the energy and telecommunications sectors. Lyceum is known for using cyber espionage techniques and has been linked to other Iranian threat groups such as APT34. They have developed and deployed malware families like Shark and Milan, and have been observed using DNS tunneling and HTTPfor command and control communication.
| 2022-06-09
⋅
Zscaler
⋅
Lyceum .NET DNS Backdoor Lyceum .NET DNS Backdoor |
| 2022-03-31
⋅
State-sponsored Attack Groups Capitalise on Russia-Ukraine War for Cyber Espionage Loki RAT El Machete APT Backdoor Dropper Lyceum .NET DNS Backdoor Lyceum .NET TCP Backdoor Lyceum Golang HTTP Backdoor |
| 2021-11-09
⋅
Prevailion
⋅
Who are latest targets of cyber group Lyceum? Milan Shark LYCEUM |
| 2021-10-07
⋅
Kaspersky
⋅
LYCEUM Reborn: Counterintelligence in the Middle East danbot LYCEUM |
| 2021-08-17
⋅
ClearSky
⋅
New Iranian Espionage Campaign By “Siamesekitten” – Lyceum LYCEUM |
| 2020-01-01
⋅
Secureworks
⋅
COBALT LYCEUM danbot RGDoor LYCEUM |
| 2019-08-27
⋅
Secureworks
⋅
LYCEUM Takes Center Stage in Middle East Campaign LYCEUM |