APT / THREAT GROUP

Cuboid Sandstorm

🇮🇷 Iran-attributed
Campaigns: 1
Aliases: 2
Last seen: Mar 17, 2026

Intelligence Profile

Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implants, including a remote access Trojan disguised as RuntimeBroker.exe or svchost.exe, to establish persistence on victim hosts.

Threat Analysis

Cuboid Sandstorm is a threat actor attributed to Iran and engaged in cyber operations. Its primary motivation is unknown.

Known Campaigns

Cuboid Sandstorm — Active Operations March 2026

Cuboid Sandstorm is a threat actor of unknown motivation attributed to Iran. It targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implan...

ACTIVE | MEDIUM | 2026

Quick Facts

Type: APT / Threat Group
Origin: 🇮🇷 Iran
Aliases: 2
Source: Malpedia

Also Known As

DEV-0228, Cuboid Sandstorm

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.