The Iranian government-linked actor Mint Sandstorm has been linked to a series of attacks on US critical infrastructure between late 2021 and mid-2022, according to the Microsoft Threat Intelligence team. Targeted entities include seaports, energy companies, transit systems, and a major US utility and gas company. Microsoft assesses the campaign as likely retaliation for earlier attacks on Iran's maritime, railway, and gas station payment systems, which Iran blamed on the US and Israel. Unlike MuddyWater, which operates on behalf of Iran's Ministry of Intelligence and Security (MOIS), Mint Sandstorm is associated with the Islamic Revolutionary Guard Corps (IRGC).

The group is highly adept at developing bespoke tooling and weaponizing vulnerabilities, and it continually refines its tactics as part of highly targeted phishing campaigns. In intrusions where it gained initial access, the actor ran a custom PowerShell script to activate one of two attack chains, one of which delivers a custom, modular backdoor referred to as CharmPower.
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net
Source: The Hacker News