Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly targeted phishing campaigns to quickly and successfully access environments of interest. This Mint Sandstorm subgroup has also continued to develop and use custom tooling against selected targets, notably organizations in the energy and transportation sectors. Given this subgroup's capabilities, the profile of past targets, and the potential for cascading effects, Microsoft is publishing details on known tradecraft alongside corresponding detections and mitigations to help organizations protect against this and similar threats.

Mint Sandstorm is Microsoft's new name for PHOSPHORUS, an Iranian nation-state actor. This new name is part of the new threat actor naming taxonomy we announced today, designed to keep pace with the evolving and growing threat landscape.

Mint Sandstorm is known to pursue targets in both the private and public sectors, including political dissidents, activist leaders, the Defense Industrial Base (DIB), journalists, and employees from multiple government agencies, as well as individuals protesting oppressive regimes in the Middle East. Activity Microsoft tracks as part of the larger Mint Sandstorm group overlaps with public reporting on groups known as APT35, APT42, Charming Kitten, and TA453. Mint Sandstorm is a composite name used to describe several subgroups of activity with ties to the same organizational structure. Microsoft assesses that Mint Sandstorm is associated with an intelligence arm of Iran's military, the Islamic Revolutionary Guard Corps (IRGC), an assessment that has been corroborated by multiple credible sources including Mandiant, Proofpoint, and SecureWorks. In 2022, the US Department of the Treasury sanctioned elements of Mint Sandstorm for past cyberattacks, citing sponsorship from the IRGC.

Today, Microsoft is reporting on a distinct Mint Sandstorm subgroup that specializes in hacking into and stealing sensitive information from high-value targets. This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align with Iran's national priorities. Microsoft Threat Intelligence consistently tracks threat actor activity, including Mint Sandstorm and its subgroups, and works across Microsoft Security products and services to build detections into our products that improve protection for customers. As with any observed nation-state actor activity, Microsoft directly notifies customers that have been targeted or compromised, providing them with the information they need to secure their accounts. Microsoft is sharing details on these operations to raise awareness of the risks associated with their activity and to empower organizations to harden their attack surfaces against tradecraft commonly used by this Mint Sandstorm subgroup.