Hazel Sandstorm

Threat Actor updated 7 months ago (2024-11-29T13:56:07.651Z)

Download STIX

Preview STIX

Hazel Sandstorm, also known as APT34, OilRig, and EUROPIUM, is a threat actor that has been linked to Iran. This group is known for its sophisticated and persistent cyber attacks on high-profile organizations, using custom-made tools to gain access and systematically exfiltrate data. The cybersecurity industry has tracked various operations of Hazel Sandstorm, which is also associated with another threat actor, Scarred Manticore. The naming conventions for these groups can be complex and inconsistent, but they all refer to entities executing actions with malicious intent. The modus operandi of Hazel Sandstorm includes the use of custom infrastructure, email tunneling for communications, two malware programs similar to previous APT34 code, and domain-naming schemes that mirror those used in past operations. These hallmarks were evident in a recent attack, indicating the involvement of Hazel Sandstorm. The group's attacks are not only technologically advanced but also strategically targeted, focusing on nations and organizations of interest. Previous attacks by Hazel Sandstorm have targeted countries such as Jordan, Lebanon, and Pakistan, demonstrating the group's regional focus. This information comes from an analysis by Check Point's research group, a leading cybersecurity firm. Their findings highlight the significant threat posed by Hazel Sandstorm and underline the importance of robust cybersecurity measures to protect against such sophisticated and persistent threat actors.

Description last updated: 2024-09-18T09:15:32.609Z

What's your take? (Question 1 of 2)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
APT34 is a possible alias for Hazel Sandstorm. APT34, a threat actor suspected to be linked to Iran, has been operational since at least 2014 and is involved in long-term cyber espionage operations largely focused on reconnaissance efforts. The group targets a variety of sectors including financial, government, energy, chemical, and telecommunic	3
OilRig is a possible alias for Hazel Sandstorm. OilRig, also known as APT34, Earth Simnavaz, Evasive Serpens, and other names, is a well-known threat actor in the cybersecurity industry. This group has been particularly active in targeting entities in the Middle East, including critical infrastructure and telecommunications organizations. One of	2
Europium is a possible alias for Hazel Sandstorm.	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Hazel Sandstorm Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
ESET	a month ago	BladedFeline: Whispering in the dark
DARKReading	10 months ago	As Geopolitical Tensions Mount, Iran's Cyber Operations Grow
MITRE	2 years ago	Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021 \| Microsoft Security Blog
Checkpoint	2 years ago	From Albania to the Middle East: The Scarred Manticore is Listening - Check Point Research