Crimson Sandstorm (formerly CURIUM) actors have been observed leveraging a network of fictitious social media accounts to build trust with targets and deliver malware to ultimately exfiltrate data. Additionally, in 2021, Crimson Sandstorm conducted a spear-phishing campaign targeting companies that provide IT and engineering services for U.S. defense and intelligence agencies, probably as part of a supply chain operation to gain access to their customers.
Nation State Actor
Crimson Sandstorm
Also known as: Houseblend, Tortoise Shell
Country of origin: Iran
Countries targeted: Middle East, United States
Industries targeted: U.S. military and defense contractors, IT services, Middle Eastern governments