Microsoft: Iranian Hackers Moved From Recon to Targeting US Critical Infrastructure
Microsoft has warned that a subgroup of the Iran-linked advanced persistent threat (APT) actor Mint Sandstorm, which specializes in compromising high-value targets for information theft, has recently been observed quickly adopting proof-of-concept (PoC) exploit code for known vulnerabilities in internet-facing applications. Initially focused on reconnaissance, the subgroup transitioned in 2022 to directly targeting critical infrastructure organizations in the United States, including energy companies, seaports, transit systems, and a major utility and gas company. These attacks were “potentially in support of retaliatory destructive cyberattacks,” Microsoft said.

CVEs: CVE-2022-47966, CVE-2022-47986

Malware: CharmPower, Drokbk

[View Article](https://www.securityweek.com/microsoft-iranian-hackers-moved-from-recon-to-targeting-us-critical-infrastructure/)