A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.
Date | Source | Title | Tools
2023-11-09 | CrowdStrike | IMPERIAL KITTEN Deploys Novel Malware Families in Middle East-Focused Operations | IMAPLoader
2022-03-30 | Recorded Future | Social Engineering Remains Key Tradecraft for Iranian APTs | Liderc, pupy
2021-07-28 | Proofpoint | I Knew You Were Trouble: TA456 Targets Defense Contractor with Alluring Social Media Persona | Liderc, SysKit
2021-07-15 | Facebook | Taking Action Against Hackers in Iran | Liderc, SysKit
2019-09-25 | Twitter (@QW5kcmV3) | Tweet on APT35 activity | SysKit
2019-09-24 | DARKReading | Iranian Government Hackers Target US Veterans | SysKit, Tortoiseshell
2019-09-24 | Cisco Talos | How Tortoiseshell created a fake veteran hiring website to host malware | Liderc, SysKit
2019-09-18 | Symantec | Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks | SysKit, Tortoiseshell