MERCURY

Threat Actor updated 23 days ago (2024-11-29T13:46:43.531Z)
Mercury, also known as MuddyWater and Static Kitten, is a threat actor group linked to global espionage activities, with suspected ties to the Iranian Ministry of Intelligence and Security. This group has been noted for its malicious activities, compromising multiple victims that another group, POLONIUM, previously targeted. The cybersecurity community has recognized the significant security challenges posed by Mercury, highlighting its activities in relation to hybrid IT infrastructures.

Recently, Mercury Financial, a high-interest, low credit score non-bank credit card company that uses Evolve to issue cards, reported a data breach. The compromised data included account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech accounts. The company has notified its affected customers about the breach and the preventative measures being taken to secure their funds. Alex Arango, Head of Cyber Threat Management at Mercury Financial, has been actively working on strengthening the company's defenses using threat intelligence from Recorded Future.

In an unrelated event, defensive sectors including consumer staples and utilities showed resilience on the local bourse, with Mercury NZ among the largest large-cap advancers. However, it should be clarified that this Mercury refers to a different entity than the threat actor or Mercury Financial. Similarly, references to "Mercury" in other contexts such as Virginia Mercury, a news outlet, and Mercury in the context of the Regents' meeting, do not pertain to the threat actor group.
Description last updated: 2024-07-17T01:15:31.189Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Alias Description | Votes
MuddyWater is a possible alias for MERCURY. MuddyWater is an Advanced Persistent Threat (APT) actor that first surfaced in 2017, primarily targeting countries in the Middle East, Europe, and the USA. The group uses a range of techniques for its cyber-espionage activities, including PowerShell for execution, HTTP for C2 communications, and mal | 5
Mint Sandstorm is a possible alias for MERCURY. Mint Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has been identified as a significant cybersecurity threat. The group has demonstrated its capability to rapidly weaponize N-day vulnerabilities in common enterprise applications and c | 2
Mango Sandstorm is a possible alias for MERCURY. Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targete | 2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Papercut
Azure
flaw
State Sponso...
Microsoft
Vulnerability
Associated Threat Actors
Alias Description | Association Type | Votes
The Phosphorus Threat Actor is associated with MERCURY. Phosphorus, also known as APT35 or Charming Kitten, is a prominent threat actor linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group is notorious for its cyberespionage activities and has been actively targeting high-profile individuals involved in Middle Eastern affairs at univ | Unspecified | 2
The APT35 Threat Actor is associated with MERCURY. APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage team. This threat actor conducts long-term, resource-intensive operations to collect strategic and tactical intelligence on behalf of the Islamic Revolutionary Guard Corp | Unspecified | 2
Associated Vulnerabilities
Alias Description | Association Type | Votes
The CVE-2023-27350 Vulnerability is associated with MERCURY. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first upda | Unspecified | 2