Introduction
Cotton Sandstorm is an Iranian threat actor involved in hack-and-leak operations. They have targeted various organizations, including the French satirical magazine Charlie Hebdo, where they obtained and leaked the personal information of over 200,000 customers. The group has been linked to the Iranian government and has been sanctioned by the US Treasury.
Activities and Tactics
Targeted Sectors: Government, Finance, High-Tech, Telecoms, NGOs, Civil Society, Rail, Energy
Country of Origin: 🇮🇷 Iran
Risk Level: High
Incident Type: Information Operations
Suspected Victims: United States, Israel, Middle East, Europe
Notable Campaigns
Information pending cataloguing.
Tactics, Techniques, and Procedures (TTPs)
Information pending cataloguing.
Notable Indicators of Compromise (IOCs)
No curated IOCs are currently published for this actor. This section will be updated when stable, attributable indicators are available.
Malware and Tools
Information pending cataloguing.
Attribution and Evidence
Country of Origin: Iran
Additional attribution information pending cataloguing.
References
References pending cataloguing.