Mint Sandstorm

Threat Actor updated 23 days ago (2024-11-29T13:56:55.243Z)
Download STIX
Preview STIX
Mint Sandstorm, an Advanced Persistent Threat (APT) group linked to Iran's Islamic Revolutionary Guard Corps (IRGC), has been identified as a significant cybersecurity threat. The group has demonstrated its capability to rapidly weaponize N-day vulnerabilities in common enterprise applications and conduct highly targeted phishing campaigns. Mint Sandstorm's operators are characterized by their patience and high-level social engineering skills, enabling them to execute attacks that often lack the typical hallmarks of phishing emails, making detection more challenging. The group has targeted various individuals and organizations, including journalists, researchers, professors, and other experts covering security and policy topics of interest to the Iranian government. In June, the Trump campaign cited an incident involving Mint Sandstorm where a spear-phishing email was sent to a high-ranking campaign official from a compromised account. This attack was part of a larger trend of activity targeting U.S. critical infrastructure. In another notable case, the group attempted to log into an account belonging to a former presidential candidate and sent a spear-phishing email to a senior advisor's compromised email account. These incidents highlight the group's focus on high-value targets and its ability to infiltrate trusted communication channels. Microsoft has recommended specific mitigations to reduce the impact of activities associated with recent Mint Sandstorm campaigns. A typical tactic used by the group involves dropping a file in a specific location on the target's computer system. Mitigation strategies should therefore include monitoring for and addressing such suspicious activities. Furthermore, the group is known to deliver a malicious tool called MischiefTut through tailored phishing campaigns. Therefore, increased awareness and defensive measures against such phishing attempts are crucial in preventing successful attacks by Mint Sandstorm.
Description last updated: 2024-10-15T09:20:38.411Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Phosphorus is a possible alias for Mint Sandstorm. Phosphorus, also known as APT35 or Charming Kitten, is a prominent threat actor linked to the Islamic Revolutionary Guard Corps (IRGC) of Iran. The group is notorious for its cyberespionage activities and has been actively targeting high-profile individuals involved in Middle Eastern affairs at univ
4
APT35 is a possible alias for Mint Sandstorm. APT35, also known as the Newscaster Team, Charming Kitten, and Mint Sandstorm, is an Iranian government-sponsored cyber espionage team. This threat actor conducts long-term, resource-intensive operations to collect strategic and tactical intelligence on behalf of the Islamic Revolutionary Guard Corp
4
Charming Kitten is a possible alias for Mint Sandstorm. Charming Kitten, also known as APT35 or APT42 among other names, is a threat actor believed to be linked to the Iranian government. The group has been implicated in a series of cyber-attacks against various entities in Brazil, Israel, and the U.A.E., deploying a new backdoor that initiates an infect
4
Apt42 is a possible alias for Mint Sandstorm. APT42, also known as Charming Kitten, CharmingCypress, Storm-2035, Damselfly, Mint Sandstorm, TA453, and Yellow Garuda, is an Iran-nexus advanced persistent threat (APT) group that has been active in various cyberattacks. The group employs a range of tactics, techniques, and procedures (TTPs), such
3
TA453 is a possible alias for Mint Sandstorm. TA453, also known as Charming Kitten, APT35, Phosphorus, Newscaster, and Ajax Security Team, is a threat actor group suspected to be linked with the Iranian government. Researchers from Proofpoint have attributed cyberattacks on affiliates of former National Security Adviser John Bolton and nuclear
3
COBALT ILLUSION is a possible alias for Mint Sandstorm. Cobalt Illusion, also known as Mint Sandstorm, APT42, and TA453 among other names, is a threat actor known for its sophisticated social engineering campaigns. This group is associated with the Islamic Revolutionary Guard Corps and is recognized for conducting surveillance and espionage activities ag
2
MERCURY is a possible alias for Mint Sandstorm. Mercury, also known as MuddyWater and Static Kitten, is a threat actor group linked to global espionage activities, with suspected ties to the Iranian Ministry of Intelligence and Security. This group has been noted for its malicious activities, compromising multiple victims that another group, POLO
2
MuddyWater is a possible alias for Mint Sandstorm. MuddyWater is an Advanced Persistent Threat (APT) actor that first surfaced in 2017, primarily targeting countries in the Middle East, Europe, and the USA. The group uses a range of techniques for its cyber-espionage activities, including PowerShell for execution, HTTP for C2 communications, and mal
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Phishing
Microsoft
Apt
iranian
Exploit
Iran
Malware
Curl
Papercut
Vulnerability
flaw
exploitation
State Sponso...
Backdoor
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The CharmPower Malware is associated with Mint Sandstorm. CharmPower is a sophisticated malware, identified as an updated version of the Powerstar backdoor, that has been deployed by the Iranian hacking group known as Charming Kitten. The group used this malware in spear-phishing campaigns to target individuals affiliated with think tanks, universities, anUnspecified
2
Associated Threat Actors
To see the evidence that has resulted in these threatActor associations, create a free account
Alias DescriptionAssociation TypeVotes
The Mango Sandstorm Threat Actor is associated with Mint Sandstorm. Mango Sandstorm, also known as MuddyWater or Mercury, is a threat actor group linked to Iran's Ministry of Intelligence and Security (MOIS) by the Israeli government. The group has been identified as being involved in several cyber-attacks, utilizing various tactics to gain initial access to targeteUnspecified
2
Associated Vulnerabilities
To see the evidence that has resulted in these vulnerability associations, create a free account
Alias DescriptionAssociation TypeVotes
The CVE-2023-27350 Vulnerability is associated with Mint Sandstorm. CVE-2023-27350 represents a significant software vulnerability in PaperCut MF/NG, identified as an improper access control flaw. This weakness allows attackers to bypass authentication processes, providing them with the ability to execute code with system privileges. The vulnerability was first updaUnspecified
2
Source Document References
Information about the Mint Sandstorm Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Securityaffairs
4 months ago
Securityaffairs
4 months ago
InfoSecurity-magazine
4 months ago
Securityaffairs
4 months ago
DARKReading
8 months ago
DARKReading
10 months ago
InfoSecurity-magazine
a year ago
Checkpoint
a year ago
CERT-EU
a year ago
DARKReading
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
InfoSecurity-magazine
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
CERT-EU
a year ago
MITRE
a year ago