This is the Trace Id: 9baf11f2044b91a0310dc5aeb3b89876

Join RSAC executive panel session on March 24 “AI agents are here! Are you ready?”.

Register now

Nation State Actor

Crimson Sandstorm   

Download
Share
Blue hexagon pattern with O/O text.
Crimson Sandstorm (formerly CURIUM) actors have been observed leveraging a network of fictitious social media accounts to build trust with targets and deliver malware to ultimately exfiltrate data. Additionally in 2021, Crimson Sandstorm conducted a spear-phishing campaign targeting companies that provide IT and engineering services for U.S. defense and intelligence agencies, probably as a part of a supply chain operation to gain access to their customers.

DETAILS

Also known as:

  • Houseblend, Tortoise Shell

Country of origin:

  • Iran

Countries targeted:

  • Middle East
  • United States

Industries targeted:

  • U.S. military and defense contractors
  • IT services
  • Middle Eastern governments

Microsoft Threat Intelligence: Recent Crimson Sandstorm Articles

Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021

Learn more

Follow Microsoft Security