IR

Gray SandstormGray Sandstorm

Also known as: DEV-0343 · Gray Sandstorm

Origin
IR
Known aliases
2

Profile

Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportation companies, and Persian Gulf ports of entry. Their primary method of attack is password spraying, and they have been observed using tools like o365spray. They have a specific focus on US and Israeli targets and are likely operating in support of Iranian interests.

Aliases· 2

DEV-0343Gray Sandstorm

References

  1. https://www.microsoft.com/en-us/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/
  2. https://www.microsoft.com/en-us/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Actor
Pink Sandstorm
Actor
Dust Storm
Actor
Cuboid Sandstorm
Actor
Storm-1133
Actor
Cotton Sandstorm
Actor
Sandworm
Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.