Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

Over the past several months, Microsoft has observed a mature subgroup of Mint Sandstorm, an Iranian nation-state actor previously tracked as PHOSPHORUS, refining its tactics, techniques, and procedures (TTPs). Specifically, this subset has rapidly weaponized N-day vulnerabilities in common enterprise applications and conducted highly-targeted phishing campaigns to quickly and successfully access environments of interest. This Mint Sandstorm subgroup has also continued to develop and use custom tooling in selected targets, notably organizations in the energy and transportation sectors. Given this …

access actor applications attack campaigns capabilities energy enterprise environments high interest iranian microsoft mint mint sandstorm nation nation-state actor organizations phishing phosphorus procedures profile quickly sandstorm state tactics techniques threat threat actor tooling transportation transportation sectors ttps value vulnerabilities