Threat Actor Profile
High APT
Description

Poseidon Group is a Portuguese-speaking threat group that has been active since at least 2005. The group has a history of using information exfiltrated from victims to blackmail victim companies into contracting the Poseidon Group as a security firm. (Citation: Kaspersky Poseidon Group)

Confidence Score
90%
Known Aliases
Poseidon Group
Tags
mitre-attack stix-2.1 intrusion-set
First Seen

Unknown

Last Updated

Unknown

Active Status
Active
Created

April 29, 2026

MITRE ATT&CK Techniques (8)
T1003 - OS Credential Dumping
Credential Access
T1036.005 - Match Legitimate Resource Name or Locat…
Defense Evasion
T1007 - System Service Discovery
Discovery
T1049 - System Network Connections Discovery
Discovery
T1057 - Process Discovery
Discovery
T1087.001 - Local Account
Discovery
T1087.002 - Domain Account
Discovery
T1059.001 - PowerShell
Execution
Indicators of Compromise

Loading IOCs…

IOC KQL for Sentinel
STIX Data 
{'aliases': ['Poseidon Group'],
 'created': '2017-05-31T21:32:04.179Z',
 'created_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'description': '[Poseidon Group](https://attack.mitre.org/groups/G0033) is a '
                'Portuguese-speaking threat group that has been active since '
                'at least 2005. The group has a history of using information '
                'exfiltrated from victims to blackmail victim companies into '
                'contracting the [Poseidon '
                'Group](https://attack.mitre.org/groups/G0033) as a security '
                'firm. (Citation: Kaspersky Poseidon Group)',
 'external_references': [{'external_id': 'G0033',
                          'source_name': 'mitre-attack',
                          'url': 'https://attack.mitre.org/groups/G0033'},
                         {'description': '(Citation: Kaspersky Poseidon Group)',
                          'source_name': 'Poseidon Group'},
                         {'description': "Kaspersky Lab's Global Research and "
                                         'Analysis Team. (2016, February 9). '
                                         'Poseidon Group: a Targeted Attack '
                                         'Boutique specializing in global '
                                         'cyber-espionage. Retrieved March 16, '
                                         '2016.',
                          'source_name': 'Kaspersky Poseidon Group',
                          'url': 'https://securelist.com/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/73673/'}],
 'id': 'intrusion-set--7ecc3b4f-5cdb-457e-b55a-df376b359446',
 'modified': '2025-04-25T14:49:33.223Z',
 'name': 'Poseidon Group',
 'object_marking_refs': ['marking-definition--fa42a846-8d90-4e51-bc29-71d5b4802168'],
 'spec_version': '2.1',
 'type': 'intrusion-set',
 'x_mitre_attack_spec_version': '3.2.0',
 'x_mitre_deprecated': False,
 'x_mitre_domains': ['enterprise-attack'],
 'x_mitre_modified_by_ref': 'identity--c78cb6e5-0c4b-4611-8297-d1b8b55e40b5',
 'x_mitre_version': '1.1'}
Quick Actions
Related TTPs (8)
OS Credential Dumping
Credential Access
Match Legitimate Resource Nam…
Defense Evasion
System Service Discovery
Discovery
System Network Connections Di…
Discovery
Process Discovery
Discovery
View All 8 TTPs
Back to Threat Actors
Dashboard Home