Nation-State Actor
Pink Sandstorm
Iran • Active since 2020
Pink Sandstorm is an Iranian hacking group that destroys data and pretends to be ransomware or hacktivists. They mainly target Israel but attack others too.
Overview
Pink Sandstorm is an Iranian threat actor conducting destructive operations against organizations in Israel and the broader Middle East. They disguise their operations as ransomware or hacktivist activity.
Also Known As
AGRIUS, Americium, DEV-0270, BlackShadow
Target Industries
Technology, Defense, Finance, Critical Infrastructure
Target Regions
Israel, Middle East, United States
Tactics, Techniques & Procedures
- Destructive wiper operations
- Ransomware facade for destruction
- Web shell deployment
- Exploitation of public-facing applications
Known Tools & Malware
Apostle, Fantasy, IPsec Helper, SQLshell
Notable Campaigns
Fantasy Wiper Campaign (2022)
Deployed destructive wiper malware against targets in Israel.
Diamond Industry Targeting (2021)
Targeted Israeli diamond industry with ransomware-disguised wipers.
MITRE ATT&CK Techniques
T1486, T1485, T1505.003, T1190
Defense Recommendations
1. Implement offline backups for critical data
2. Monitor for known wiper indicators
3. Segment critical infrastructure