Mint Sandstorm Subgroup Targets US Critical Infrastructure
- Actor Motivations: Espionage,Exfiltration,Sabotage
- Attack Vectors: Vulnerability Exploitation,Backdoor,Dropper,Spear Phishing
- Attack Complexity: High
- Threat Risk: High Impact/High Probability
The report details the Mint Sandstorm subgroup's cyberattacks targeting US critical infrastructure, including seaports, energy companies, transit systems, and a major utility and gas entity. The group rapidly adopted publicly disclosed proof-of-concept (POC) code to exploit vulnerabilities in internet-facing applications. The attacks also involved custom tools and implants, lateral movement, and persistence techniques. The phishing campaigns targeted individuals affiliated with think tanks and universities in Israel, North America, and Europe. The targeted sectors include transportation, energy, utilities, policy, security, and academia.
|Sector||Oil and Gas||Verified|
Tip: 17 related IOCs (4 IP, 8 domain, 0 URL, 0 email, 5 file hash) to this threat have been found.
Source: Secureworks - December 2022
Detection (three cases): dns-iprecords[.]tk, oracle-java[.]cf, universityofmhealth[.]biz
Source: PWC - July 2022
Detection (one case): 57cc5e44fd84d98942c45799f367db78adc36a5424b7f8d9319346f945f64a72
Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.