Cuboid Sandstorm
MISP
Type: Unknown
Country: IR
First seen: Unknown
Details:
Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implants, including a remote access Trojan disguised as RuntimeBroker.exe or svchost.exe, to establish persistence on victim hosts.
References (1)
Aliases (105)
DEV-0228
Metadata
| ID: | 582 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |