Uptime Hamster: 15d 7h 57mDeploy: 13 Jul 2026 08:04Updated: 2026-07-05
Logo del actor de amenaza Gray Sandstorm

Gray Sandstorm

0 incidentes 0 paises 0 sectores apt IR Ultimo: -
Aliases: DEV-0343
Ver en IntelTracker → APTTrail →
Gray Sandstorm, also tracked as DEV-0343 until its renaming in April 2023, is a state-sponsored threat actor operating in support of Iranian national interests. The group was first observed in late July 2021 by Microsoft Threat Intelligence Center (MSTIC). Its primary motivation is intelligence gathering, particularly focused on obtaining sensitive information such as commercial satellite imagery and proprietary shipping plans to advance Iran's strategic and military objectives, and supporting kinetic operations and bombing damage assessment efforts. Gray Sandstorm distinguishes itself through its persistent and widespread password spraying campaigns, often using anonymizing services like Tor to compromise cloud accounts. The group's activities suggest a focused effort on cyber espionage.

Aliases del actor

DEV-0343

Actores similares

dev-0343actor · 1devmanransomware · 184apt-graylingactor · 1crimson-sandstormactor · 1Network Devicesactor · 1Compromise Software Dependencies and Development Toolsactor · 1Device Driver Discoveryactor · 1CS FQL: 32. Detect Data Exfiltration via external storage devicesactor · 1dev-0322actor · 1unc1549-crimson-sandstormactor · 1
Tecnicas MITRE
T1203, T1566.002, T1003, T1071.001, T1078.003, T1047
CVEs relacionadas
CVE-2024-3400, CVE-2023-3519, CVE-2022-1388, CVE-2021-27065, CVE-2021-26858, CVE-2021-26857
Tipo
apt
Pais origen
IR
Motivacion
-
Impacto
15
Actualizado
Sat, 13 Ja

Sectores objetivo (SOCRadar)

Transportation&WarehousingPublic AdministrationSpace & Defense