MERCURY

Threat Actor updated 2 months ago (2024-07-17T01:17:38.483Z)
Mercury, also known as MuddyWater and Static Kitten, is a threat actor group linked to global espionage activities, with suspected ties to the Iranian Ministry of Intelligence and Security. This group has been noted for its malicious activities, compromising multiple victims that another group, POLONIUM, previously targeted. The cybersecurity community has recognized the significant security challenges posed by Mercury, highlighting its activities in relation to hybrid IT infrastructures. Recently, Mercury Financial, a high-interest, low credit score non-bank credit card company that uses Evolve to issue cards, reported a data breach. The compromised data included account numbers, deposit balances, business owner names, and emails associated with Mercury and other fintech accounts. The company has notified its affected customers about the breach and the preventative measures being taken to secure their funds. Alex Arango, Head of Cyber Threat Management at Mercury Financial, has been actively working on strengthening the company's defenses using threat intelligence from Recorded Future. In an unrelated event, defensive sectors including consumer staples and utilities showed resilience on the local bourse, with Mercury NZ among the largest large-cap advancers. However, it should be clarified that this Mercury refers to a different entity than the threat actor or Mercury Financial. Similarly, references to "Mercury" in other contexts such as Virginia Mercury, a news outlet, and Mercury in the context of the Regents' meeting, do not pertain to the threat actor group.
Description last updated: 2024-07-17T01:15:31.189Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
MuddyWater | 5 | MuddyWater is a notable threat actor group that has been associated with various cyber-attacks, primarily targeting organizations in the Middle East, particularly Israeli entities, but also extending its activities to other nations including India, Jordan, Portugal, Turkey, and Azerbaijan. The group
Mint Sandstorm | 2 | Mint Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has been identified as a significant cyber threat actor. This group is known for its highly skilled operators and sophisticated social engineering techniques, often lacking the typica
Mango Sandstorm | 2 | Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targete
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Papercut
Azure
flaw
State Sponso...
Microsoft
Vulnerability
Associated Threat Actors
ID | Type | Votes | Profile Description
Phosphorus | Unspecified | 2 | Phosphorus, also known as APT35 or Charming Kitten, is a notorious Iranian cyberespionage group linked to the Islamic Revolutionary Guard Corps (IRGC). This threat actor has been involved in a series of malicious activities, employing novel tactics and tools. A significant discovery was made by the
APT35 | Unspecified | 2 | APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage group. The group focuses on long-term, resource-intensive operations to collect strategic intelligence. They primarily target sectors in the U.S., Western Europe, and the
Associated Vulnerabilities
ID | Type | Votes | Profile Description
CVE-2023-27350 | Unspecified | 2 | CVE-2023-27350 is a significant software vulnerability discovered in PaperCut NG/MF, a popular print management software. This flaw in software design or implementation allows attackers to bypass authentication and execute code with system privileges, posing a serious threat to both server and inter
Source Document References
Information about the MERCURY Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created | Title
BankInfoSecurity | 2 months ago | Iranian State Hackers Are Deploying a New Malware Backdoor
Malwarebytes | 2 months ago | Affirm says Evolve Bank data breach also compromised some of its customers | Malwarebytes
BankInfoSecurity | 2 months ago | Evolve Ransomware Hack Affects Affirm and Fintech Companies
CERT-EU | 8 months ago | Kansas State President Gives Cybersecurity Update | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU | 8 months ago | Google plans to allow more real-money games on the Play Store, starting with India, Brazil, and Mexico in June 2024, in compliance with local laws
CERT-EU | a year ago | Hybrid IT opens new avenues for cybercriminals
CERT-EU | 8 months ago | APPALACHIAN POWER, WHEELING POWER SEEK APPROVAL OF SETTLEMENT AGREEMENT IN FUEL COST CASES
CERT-EU | 8 months ago | AEP SIGNS AGREEMENT TO SELL NEW MEXICO SOLAR ASSETS
Recorded Future | 9 months ago | Threat Intelligence to Elevate Your Security Defenses | Recorded Future
CERT-EU | 10 months ago | Does Private Internet Access Work in Russia? (2023)
CERT-EU | 10 months ago | Italy's competition watchdog opens an investigation into whether Meta has failed to provide adequate information on how to mark branded content on Instagram
CERT-EU | 10 months ago | A California jury convicts former VC Mike Rothenberg for defrauding investors on 21 counts of bank fraud, false statements, money laundering, and wire fraud
CERT-EU | 10 months ago | Insights from Security Mavericks: Interpublic Group, FICO, and Mercury
CERT-EU | 10 months ago | Techrights — Links 27/10/2023: Facebook Shrinks by a Lot, Yet More Microsoft Layoffs
CERT-EU | a year ago | A researcher details malicious and convincing Google ads linking to a fake site for password manager KeePass; Google shows a verified advertiser paid for them
Naked Security | a year ago | Serious Security: Rowhammer returns to gaslight your computer
CERT-EU | a year ago | New Zealand university operating despite cyberattack
CERT-EU | a year ago | ASX dives to 60-day low after Wall Street’s worst day in six months
CERT-EU | a year ago | OilRig’s Outer Space and Juicy Mix: Same ol’ rig, new drill pipes
CERT-EU | a year ago | Sources: Apple spent $5M on the film rights for Michael Lewis' book about Sam Bankman-Fried; at least eight Hollywood projects on SBF are in the works so far