Carmine TsunamiCarmine Tsunami

Also known as: Carmine Tsunami · DEV-0196 · QuaDream

Known aliases
3

Profile

Carmine Tsunami is a threat actor linked to an Israel-based private sector offensive actor called QuaDream. QuaDream sells a platform called REIGN to governments for law enforcement purposes, which includes exploits, malware, and infrastructure for data exfiltration from mobile devices. Carmine Tsunami is associated with the iOS malware called KingsPawn and has targeted civil society victims, including journalists, political opposition figures, and NGO workers, in various regions. They utilize domain registrars and inexpensive cloud hosting providers, often using single domains per IP address and deploying free Let's Encrypt SSL certificates.

Aliases· 3

Carmine TsunamiDEV-0196QuaDream

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Caramel Tsunami
Actor
Denim Tsunami
Actor
Caracal Kitten
Actor
TA577
Actor
Coinbase Cartel
Actor
Karkadann
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.