Iranian Government-Backed Hackers Targeting U.S. Energy and Transit Systems


An Iranian government-backed actor known as Mint Sandstorm has been linked to attacks aimed at critical infrastructure in the U.S. between late 2021 and mid-2022.

“This Mint Sandstorm subgroup is technically and operationally mature, capable of developing bespoke tooling and quickly weaponizing N-day vulnerabilities, and has demonstrated agility in its operational focus, which appears to align with Iran’s national priorities,” the Microsoft Threat Intelligence team said in an analysis.

Targeted entities consist of seaports, energy companies, transit systems, and a major U.S. utility and gas company. The activity is suspected to be retaliatory, in response to attacks targeting Iran's maritime, railway, and gas station payment systems that took place between May 2020 and late 2021.
