Sima is a state-sponsored threat group of Iranian origin, first documented in February 2016. The group's primary motivation is information theft and espionage, distinguishing itself through highly refined spear-phishing tactics that incorporate detailed background research and legitimate-looking baits to increase success rates. Sima has demonstrated an evolution in its social engineering techniques, using malware binaries disguised with right-to-left filenames to conceal actual file extensions and appropriating real identities to interact professionally with targets. This approach represents a notable refinement compared to other groups that rely on more generic attack methods.