Gray Sandstorm
MISP
Type:
Unknown
Unknown
Country:
IR
IR
First seen:
Unknown
Unknown
Details:
Gray Sandstorm is an Iran-linked threat actor that has been active since at least 2012. They have targeted defense technology companies, maritime transportation companies, and Persian Gulf ports of entry. Their primary method of attack is password spraying, and they have been observed using tools like o365spray. They have a specific focus on US and Israeli targets and are likely operating in support of Iranian interests.
Aliases (105)
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
DEV-0343
Metadata
| ID: | 569 |
| Created: | 13/01/2026 17:48 |
| Updated: | 07/03/2026 04:00 |