APT / THREAT GROUP

Bohrium

🇮🇷Iran-attributed
1
campaigns
4
aliases
Last seen:Mar 17, 2026

Intelligence Profile

Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often create fake social media profiles, particularly posing as recruiters, to trick victims into running malware on their computers. Microsoft's Digital Crimes Unit has taken legal action and seized 41 domains used by Bohrium to disrupt their activities. The group has shown a particular interest in sectors such as technology, transportation, government, and education.

Threat Analysis

Bohrium is a known-sophistication threat actor attributed to Iran, engaged in cyber operations with a primary motivation of unknown activity patterns.

Known Campaigns

Bohrium — Active Operations March 2026

Bohrium is a unknown-motivation threat actor attributed to Iran. Bohrium is an Iranian threat actor that has been involved in spear-phishing operations targeting organizations in the US, Middle East, and India. They often create fake social media profiles, particularly posing as recruiters, to trick victims into running malware on their comput...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Origin🇮🇷 Iran
Aliases4
SourceMalpedia

Also Known As

BOHRIUMBohriumSmoke SandstormIMPERIAL KITTEN

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.
Bohrium — APT / Threat Group | Threat Intelligence | CTIWATCH.COM