Crimson Sandstorm (formerly CURIUM) actors have been observed leveraging a network of fictitious social media accounts to build trust with targets and deliver malware, ultimately to exfiltrate data. Additionally, in 2021, Crimson Sandstorm conducted a spear-phishing campaign targeting companies that provide IT and engineering services for U.S. defense and intelligence agencies, probably as part of a supply chain operation to gain access to their customers.
Nation State Actor
Crimson Sandstorm
Also known as:
Houseblend, Tortoise Shell
Country of origin:
Iran
Countries targeted:
Middle East
United States
Industries targeted:
U.S. military and defense contractors
IT services
Middle Eastern governments