Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 and mid-2022.
Targeted entities consist of seaports, energy companies, transit systems, and a major U.S. utility and gas company.
The activity is suspected to be retaliatory, a response to attacks targeting Iran's maritime, railway, and gas station payment systems that took place between May 2020 and late 2021.
Mint Sandstorm is the new name assigned to the threat actor Microsoft was previously tracking under the name Phosphorus, which is also known as APT35, Charming Kitten, ITG18, TA453, and Yellow Garuda.
The change in nomenclature is part of Microsoft's shift from chemical elements-inspired monikers to a new weather-themed threat actor naming taxonomy, in part driven by the increasing "complexity, scale, and volume of threats."
Drokbk was previously detailed in December 2022 by Secureworks Counter Threat Unit, which attributed it to a threat actor known as Nemesis Kitten, a sub-cluster of Mint Sandstorm.
News URL
https://thehackernews.com/2023/04/iranian-government-backed-hackers.html