MERCURY

Threat Actor Profile Updated 24 days ago
Mercury, a notable threat actor in the cybersecurity landscape, has been linked by the Microsoft Threat Intelligence Center (MSTIC) to malicious activity against multiple victims that had previously been compromised by another threat group, POLONIUM. The security community also tracks Mercury under the alias "Mango Sandstorm." The threat posed by such actors is particularly significant in hybrid IT environments, which have recently come under increased scrutiny because of their inherent security challenges.

In response to threats of this kind, companies such as Mercury Financial are taking proactive measures to bolster their defenses. Alex Arango, Head of Cyber Threat Management at Mercury Financial, with 14 years of industry experience and four years at the company, leads an intelligence-led approach to security. In an interview he described how Mercury Financial uses Recorded Future, a threat intelligence platform, to enhance its defensive capabilities; the platform provides real-time threat intelligence that lets organizations anticipate and mitigate cyber threats more effectively.

The name "Mercury" is also attached to other entities and events. Mercury NZ, a utility company, was among the large-cap advancers on the Australian Securities Exchange (ASX) despite a generally poor week. The Virginia Mercury reported on Pornhub blocking access in Virginia ahead of a new age verification law. A VPN service has been noted for preventing ISP throttling by providers such as Rostelecom, Mercury Broadband, and Beeline. These instances illustrate the diverse contexts in which the term "Mercury" appears beyond its association with the threat actor.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID (Votes): Profile Description
MuddyWater (4): MuddyWater is a notable threat actor group, officially linked to Iran’s Ministry of Intelligence and Security (MOIS) by US Cyber Command in January 2022. The group gained its name due to the confusion surrounding the attribution of a wave of cyberattacks that took place between February and October
Mint Sandstorm (2): Mint Sandstorm, an Iranian nation-state threat actor also known as APT35 and Charming Kitten, has been identified by Microsoft as a significant cybersecurity concern. The group is linked to Iran's Islamic Revolutionary Guard Corps and is known for its sophisticated cyber campaigns targeting high-val
Mango Sandstorm (2): Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targete
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Tags: Papercut, Azure, flaw, State Sponso..., Microsoft, Vulnerability
Associated Malware
ID, Type (Votes): Profile Description
No associations to display
Associated Threat Actors
ID, Type (Votes): Profile Description
Phosphorus, Unspecified (2): Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
APT35, Unspecified (2): APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the
Associated Vulnerabilities
ID, Type (Votes): Profile Description
CVE-2023-27350, Unspecified (2): CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter
Source Document References
Information about the MERCURY Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source, Created At: Title
CSO Online, a year ago: Iranian APT group launches destructive attacks in hybrid Azure AD environments
CERT-EU, a year ago: MERCURY – A Destructive Operation From Iranian Hackers Wipe Cloud Environments | IT Security News
CERT-EU, 7 months ago: Insights from Security Mavericks: Interpublic Group, FICO, and Mercury
Securityaffairs, a year ago: Iran-linked APT groups started exploiting Papercut flaw
CERT-EU, a year ago: Links 22/02/2023: KDE Plasma 5.27.1 and New Fears Over Nukes
Naked Security, a year ago: Serious Security: Rowhammer returns to gaslight your computer
CERT-EU, a year ago: AI innovation will shake up playing field for security integrators
CERT-EU, a year ago: Hackers crack business Chromebooks with SH1MMER tool
MITRE, a year ago: Exposing POLONIUM activity and infrastructure targeting Israeli organizations - Microsoft Security Blog
CERT-EU, a year ago: Iran cyberespionage group taps SimpleHelp for persistence on victim devices
CERT-EU, a year ago: Symantec says an APT called Lancefly used custom malware to attack governments, telcos, and other organizations in Asia from the middle of 2022 through Q1 2023
CERT-EU, a year ago: As Chinese companies recruit South Korean tech talent more aggressively, Seoul creates a database to monitor South Korean chip engineers' international travel
CrowdStrike, 10 months ago: Consolidating Cybersecurity with CrowdStrike | CrowdStrike
Recorded Future, a year ago: Threat Intelligence to Elevate Your Security Defenses | Recorded Future
CERT-EU, 10 months ago: The Convergence of Cybersecurity and Everything
Recorded Future, 6 months ago: Threat Intelligence to Elevate Your Security Defenses | Recorded Future
CERT-EU, 9 months ago: Signs of MuddyWater Developments Found in the DNS
CERT-EU, a year ago: Nagasaka Mago: “Hacking” Capitalism and Making Art from the World’s Biggest E-Waste Dump | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU, a year ago: PODCAST: Ethical hacking? You mean cyber assurance testing, with Edward Farrell | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker – National Cyber Security Consulting
CERT-EU, a year ago: Inside Shift Left And API Security From RSA | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware – National Cyber Security Consulting