Mint Sandstorm

Actor Type	Nation State
Attributed to Nation	Iran
Directly Linked Intrusion Sets	PHOSPHORUS , Charming Kitten , APT35 , CharmingCypress
Associated Threat Actor	Islamic Revolutionary Guard Corps (IRGC)

Mint Sandstorm is a cyber intrusion set attributed to Iran and tracked by Microsoft threat researchers. Microsoft previously referred to this group as PHOSPHORUS. Overlaps are noted with other Iranian groups including APT35, APT42, Charming Kitten and TA453.

The group has been observed targeting private and public sector organisations as well as individuals (such as journalists and political dissidents).

Cyber Threat Graph Context

Explore how this Intrusion Set relates to the wider threat graph

Mint Sandstorm Threat Reports

Report

Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets

This report from Microsoft Threat Intelligence describes a subset of activity related to the Mint Sandstorm actor. The campaign includes the theft ...

View Source

References

www.volexity.com

https://www.volexity.com/blog/2024/02/13/charmingcypress-innovating-persistence/

www.microsoft.com

https://www.microsoft.com/en-us/security/blog/2023/04/18/nation-state-threat-actor-mint-sandstorm-refines-tradecraft-to-attack-high-value-targets/