Hazel Sandstorm (formerly EUROPIUM) has been publicly linked to Iran’s Ministry of Intelligence and Security (MOIS). Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services. Microsoft Threat Intelligence teams assess with moderate confidence that the actors linked to the state-sponsored actor, Hazel Sandstorm, gained initial access and exfiltrated data as part of this destructive cyberattack.