Altoufan Team
Altoufan Team is a persona tied to Cotton Sandstorm. The provided reporting states that the persona was revived in the context of anticipated Iranian-linked cyber counteroffensive activity following Operation Epic Fury on February 28, 2026. Cotton Sandstorm is described as affiliated with the IRGC Cyber-Electronic Command (IRGC-CEC) and as conducting hack-and-leak and influence operations under personas including Altoufan Team. Based on the provided content, Altoufan Team should therefore be understood as part of Iranian state-linked cyber activity: a front persona associated with Cotton Sandstorm rather than a distinct standalone intrusion group. The reporting provides no additional high-confidence targeting, malware, or TTP details for Altoufan Team beyond its use in hack-and-leak and influence operations and the note that it was revived.
Tradecraft
2 distinct techniques observed across reporting, grouped by tactic.
Recent activity
1 source tracked across advisories, community write-ups, and news.