IRIDIUM is a threat actor attributed to RU, also known as Seashell Blizzard, Sandworm, Quedagh. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does IRIDIUM exploit?

IRIDIUM is known to exploit 7 CVEs. View the full list on the Strobes VI threat actor profile page.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

IRIDIUM

Also known as: Seashell Blizzard, Sandworm, Quedagh, VOODOO BEAR, TEMP.Noble, IRON VIKING, G0034, ELECTRUM, TeleBots, IRIDIUM, Blue Echidna, FROZENBARENTS, UAC-0113, UAC-0082, APT44, BE2, PHANTOM, BlackEnergy Lite, UAC-0133, Sandworm Team, Phantom, Telebots, BlackEnergy (Group), Voodoo Bear, Iron Viking, CTG-7263, ATK 14, UAC-0125, APT 44, Grey Tornado, Razing Ursa, Curly COMrades, GRU military unit 74455, UNC3810, Hades

RUInformation theft and espionage

Exploited CVEs

Overview

Curly COMrades is a threat actor identified by Amazon Threat Intelligence and Bitdefender, believed to operate in support of Russian interests. They employ techniques such as Hyper-V abuse for EDR evasion and utilize proxy tools like Resocks, SSH, and Stunnel to gain access to internal networks. Their activities include repeated attempts to extract the NTDS database from domain controllers and establishing covert access through virtualization features on compromised Windows 10 machines.

Exploited Vulnerabilities

CVE ID	Action
CVE-2019-10149	View Details