Cuboid Sandstorm

Also known as: DEV-0228 · Cuboid Sandstorm

Origin: IR
Known aliases: 2

Profile

Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implants, including a remote access Trojan disguised as RuntimeBroker.exe or svchost.exe, to establish persistence on victim hosts.

Aliases · 2

DEV-0228 · Cuboid Sandstorm

References

  1. https://www.microsoft.com/security/blog/2021/11/18/iranian-targeting-of-it-sector-on-the-rise/

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor: Gray Sandstorm
Actor: Pink Sandstorm
Actor: Cyber Toufan
Actor: DEV-0270
Actor: Cotton Sandstorm
Actor: MosesStaff

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.