Nation-State Actor
Peach Sandstorm
Iran • Active since 2013
Peach Sandstorm, also tracked as APT33 and Elfin, is an Iranian group that targets aviation and energy companies with password guessing attacks and sometimes ransomware.
Overview
Peach Sandstorm is an Iranian threat actor targeting aerospace, defense, and energy sectors. They are known for password spray attacks and have deployed ransomware against some targets.
Also Known As
APT33, Elfin, Magnallium, Refined Kitten, HOLMIUM
Target Industries
Aerospace, Defense, Energy, Petrochemical
Target Regions
United States, Saudi Arabia, South Korea, Europe
Tactics, Techniques & Procedures
- Password spraying
- Exploitation of public-facing applications
- Ransomware deployment
- Custom malware development
Known Tools & Malware
POWERTON, TURNEDUP, NANOCORE, DropShot, ShapeShift
Notable Campaigns
Defense Sector Password Spraying (2023)
Large-scale password spray campaign against defense and satellite organizations.
Aerospace Industry Targeting (2019)
Targeted aerospace companies in US and Saudi Arabia for technology theft.
MITRE ATT&CK Techniques
T1110.003, T1190, T1486, T1204.002
Defense Recommendations
1. Implement password spray detection
2. Enforce MFA across all accounts
3. Monitor for known Peach Sandstorm indicators