Mint Sandstorm, previously identified and referred to as PHOSPHORUS, is an Iranian nation-state actor assessed to be a contingent of the Islamic Revolutionary Guard Corps that rapidly weaponizes N-day vulnerabilities to conduct targeted phishing campaigns against energy and transportation sectors as well as journalists and political dissidents. This article details some of the recent operations and tradecraft of Mint Sandstorm, as well as providing guidance on how to mitigate and defend against Mint Sandstorm’s style of cyberattacks.
