Tortoiseshell

Also known as: Tortoiseshell · IMPERIAL KITTEN · Yellow Liderc · Imperial Kitten · TA456 · DUSTYCAVE · Crimson Sandstorm · Cuboid Sandstorm · Smoke Sandstorm · CURIUM

Known aliases: 10

Profile

A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers’ customers. The group, which we are calling Tortoiseshell, has been active since at least July 2018. Symantec has identified a total of 11 organizations hit by the group, the majority of which are based in Saudi Arabia. In at least two organizations, evidence suggests that the attackers gained domain admin-level access.


Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: SandCat
Actor: Flash Kitten
Actor: TRACER KITTEN
Actor: Pink Sandstorm
Group: CopyKittens
Actor: Fox Kitten

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.