A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supp...

Threat Actor Profile

Tortoiseshell

State-sponsored threat group originating from IR. Suspected sponsor: Iran (Islamic Republic of). Known to target Defense, Government, Military and 12 other sectors.

15 Industries Tracked Real-Time Alerts

Actor Overview

Origin Country
IR
Suspected Sponsor
Iran (Islamic Republic of)
Incident Types
Espionage

Target Industries

DefenseGovernmentMilitaryFinanceEnergyHealthcarePharmaceuticalsTelecomsHigh-TechMediaNGOsCivil SocietyLegalRailTransportation

Suspected Victims

United StatesIsraelMiddle EastEurope

Related Threat Reports

Premium
APT Campaign Analysis - Q4 2025Dec 2025
New Tactics Observed in WildDec 2025
Infrastructure Mapping ReportDec 2025
Stay Updated

Get alerts when new intel on Tortoiseshell is published.

Actor Details

Primary Name
Tortoiseshell
Known Aliases
IMPERIAL KITTEN, Yellow Liderc, Imperial Kitten, TA456, DUSTYCAVE, Crimson Sandstorm
Data Source
Precursor Intelligence
Need API Access?

Integrate threat actor data into your SIEM or SOAR.

View Plans →