Uptime Hamster: 15d 7h 58mDeploy: 13 Jul 2026 08:04Updated: 2026-07-05
Logo del actor de amenaza Cotton Sandstorm

Cotton Sandstorm

0 incidentes 0 paises 0 sectores apt IR Ultimo: -
Aliases: Emennet Pasargad, HAYWIRE KITTEN, Holy Souls, MARNANBRIDGE, NEPTUNIUM, o Vice Leaker, lo que sugiere una red operativa diversa, potencialmente multifacética
Ver en IntelTracker → APTTrail →
Cotton Sandstorm is an Iranian state-sponsored threat actor primarily engaged in cyber espionage and influence operations, strongly linked to the Islamic Revolutionary Guard Corps. The group has been active since at least 2020, initially focusing on hack-and-leak operations predominantly against Israeli organizations, but has since expanded its scope to a broader international audience and diversified its tactics. A distinctive characteristic of Cotton Sandstorm is its strategic use of generative artificial intelligence tools for influence operations, including the creation of deepfakes and the manipulation of images and voices for propaganda. The group also maintains a network of fictitious hosting resellers, such as VPS-Agent and Server-Speed, to obfuscate its operational infrastructure. Cotton Sandstorm is known to operate under numerous aliases, including Emennet Pasargad, Haywire Kitten, Marnanbridge, Neptunium, Holy Souls, and Aria Sepehr Ayandehsazan (ASA), which it adopted as a

Aliases del actor

Emennet PasargadHAYWIRE KITTENHoly SoulsMARNANBRIDGENEPTUNIUMo Vice Leakerlo que sugiere una red operativa diversapotencialmente multifacética

Actores similares

Fox Kittenapt · 1Charming Kittenactor · 1cutting-kittenactor · 1clever-kittenactor · 1charming-kittenactor · 1rocket-kittenactor · 1flash-kittenactor · 1domestic-kittenactor · 1fox-kittenactor · 1tracer-kittenactor · 1
Tecnicas MITRE
T1585 - Establish Accounts, T1610 - Deploy Container, T1555.003 - Credentials from Web Browsers, T1583 - Acquire Infrastructure, T1547.001 - Registry Run Keys / Startup Folder, T1608 - Stage Capabilities
CVEs relacionadas
CVE-2025-34067, CVE-2023-6895, CVE-2021-33044, CVE-2018-20250, CVE-2018-13379, CVE-2017-11774
Tipo
apt
Pais origen
IR
Motivacion
-
Impacto
75
Actualizado
Sat, 27 Ja

Paises objetivo (SOCRadar)

United Arab EmiratesAlbaniaBahrainCanadaChinaFranceUnited KingdomIndonesiaIsraelIndia

Sectores objetivo (SOCRadar)

Other Information ServicesMonetary Authorities-Central BankSoftware PublishersAccommodationAir TransportationManufacturingElectrical Equipment, Appliance, and Component ManufacturingPublic AdministrationOil & GasEducational Services