Nation-State Actor

Mint Sandstorm

Iran • Active since 2014

Mint Sandstorm is the same as Charming Kitten/APT35 - Iranian hackers who pretend to be journalists or conference organizers to trick their targets into giving up email access.

Overview

Mint Sandstorm is an Iranian IRGC-linked threat actor conducting espionage and influence operations. They target journalists, activists, and government officials using sophisticated social engineering.

Also Known As

APT35, Charming Kitten, TA453, Phosphorus, ITG18

Target Industries

Government, Media, Academia, Activism, Defense

Target Regions

United States, Europe, Middle East, Global

Tactics, Techniques & Procedures

  • Social engineering via impersonation
  • Credential phishing
  • Multi-factor authentication bypass attempts
  • Cloud account compromise

Known Tools & Malware

HYPERSCRAPE, POWERLESS, CharmPower, DownPaper

Notable Campaigns

Journalist and Activist Targeting (2023)

Targeted journalists and human rights activists with fake interview requests.

Think Tank Credential Theft (2022)

Compromised think tank employees studying Iran and Middle East policy.

MITRE ATT&CK Techniques

T1566.001, T1598.003, T1111, T1530

Defense Recommendations

  1. Train journalists and activists on targeted threats
  2. Implement phishing-resistant MFA
  3. Monitor for impersonation attempts

Related Threat Actors

Peach Sandstorm, Mango Sandstorm
