Building 92 on the Microsoft Redmond campus, Washington, US
Hackers linked to Iran are targeting critical US infrastructure including transport, energy and ports, Microsoft has warned.
A report released on Tuesday by Microsoft Threat Intelligence revealed the threat from the Iranian hackers, known as "Mint Sandstorm".
The gang’s recently adopted new strategy is to target energy and transportation infrastructure across the US, including ports, energy companies, and transit systems.
Initially engaged in reconnaissance, the subgroup eventually began attacking critical infrastructure organizations in the United States in 2022.
These attacks were "potentially designed to support destructive cyberattacks in retaliation," Microsoft said.
"Mint Sandstorm" is a new name used by Microsoft to track the activities of hackers formerly known as Phosphorus, a collection of threat actors deemed to be affiliated with the Iranian Revolutionary Guard Corps (IRGC) intelligence arm.
Mint Sandstorm has also been referred to as APT35, APT42, Charming Kitten, and TA453. However, Iran has denied carrying out cyberattacks.
Since at least 2011, Mint Sandstorm has targeted activists, journalists, critical infrastructure, and government entities.
Microsoft researchers reported in February that an Iranian regime-backed hacking team had stolen and leaked the French satirical magazine Charlie Hebdo's data.
The hackers, calling themselves “Holy Souls,” were from the Iranian cybersecurity firm Emennet Pasargad, according to Clint Watts, General Manager of Microsoft's Digital Threat Analysis Center.
In November 2021, the United States Justice Department indicted two Iranians, Mohammad Hosein Musa Kazemi and Sajjad Kashian, who were employed by Emennet Pasargad.
During the 2020 presidential election, they allegedly conducted a cyber campaign "to intimidate and influence American voters" as well as undermine voter confidence and sow discord.