Who is Cuboid Sandstorm?

Cuboid Sandstorm is a threat actor attributed to IR, also known as DEV-0228. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Cuboid Sandstorm exploit?

Specific CVE exploitation data for Cuboid Sandstorm is being tracked. Check the Strobes VI threat actor profile for updates.

Cuboid Sandstorm

Also known as: DEV-0228

Exploited CVEs

Overview

Cuboid Sandstorm is an Iranian threat actor that targeted an Israel-based IT company in July 2021. They gained access to the company's network and used it to compromise downstream customers in the defense, energy, and legal sectors in Israel. The group also utilized custom implants, including a remote access Trojan disguised as RuntimeBroker.exe or svchost.exe, to establish persistence on victim hosts.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database

Quick Actions