Researchers have tracked a hacking campaign from government-backed Iranian hackers on critical U.S. energy infrastructure.
The campaign was active from late 2021 to 2022.
- The threat actor that deployed this hacking campaign was Mint Sandstorm, previously known as Phosphorus.
- Mint Sandstorm is believed to be tied to the Islamic Revolutionary Guard Corps.
- In this hacking campaign, which lasted more than six months, Mint Sandstorm targeted:
  - U.S. seaports,
  - energy companies,
  - transit systems,
  - and utility and gas companies.
- The activity is suspected to be retaliatory, in response to attacks on Iran's maritime, railway, and gas station payment systems that took place between May 2020 and late 2021.
- Researchers stated that these attacks show Mint Sandstorm's ability to constantly refine its tactics as part of highly targeted phishing campaigns to obtain access to targeted environments.
- Mint Sandstorm has previously attacked U.S. companies such as HBO, threatening to leak scripts from famous TV shows such as Game of Thrones. The hacker who deployed the attack was later indicted.
- The group was also involved in a hacking campaign that targeted U.S. infrastructure after the 2015 nuclear deal between Iran and the U.S. The Iranian government denied having any knowledge of the cyberattack.
- In 2022, the U.S. Department of the Treasury sanctioned several members of Mint Sandstorm for previous hacking campaigns.