Security News > 2023 > April > Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems
An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 to mid-2022.
Targeted entities consist of seaports, energy companies, transit systems, and a major U.S. utility and gas company.
The activity is suspected to be retaliatory and in response to attacks targeting its maritime, railway, and gas station payment systems that took place between May 2020 and late 2021.
Mint Sandstorm is the new name assigned to the threat actor Microsoft was previously tracking under the name Phosphorus, and also known as APT35, Charming Kitten, ITG18, TA453, and Yellow Garuda.
The change in nomenclature is part of Microsoft's shift from chemical elements-inspired monikers to a new weather-themed threat actor naming taxonomy, in part driven by the increasing "Complexity, scale, and volume of threats."
Drokbk was previously detailed by Secureworks Counter Threat Unit in December 2022, attributing it to a threat actor known as Nemesis Kitten, a sub-cluster of Mint Sandstorm.
News URL
https://thehackernews.com/2023/04/iranian-government-backed-hackers.html