Skip to content
Latest
Ghost Phishing Shows Why Email Security Must Follow the BrowserPakistani Police Intrusions Show Why Public-Sector Data Systems Are Strategic TargetsBad Epoll Shows Linux Kernel LPEs Belong in the Patch Priority QueueFake Payment SDKs Show Why Dependency Risk Is Credential RiskCritical UniFi Flaws Put Network Control Planes Back in the Patch QueueVidar Stealer Campaign Shows Why File Size and Fake Signatures Still Beat Weak ControlsADFS Signing Keys Show Why Federation Servers Are Tier-Zero Identity InfrastructureUAT-7810 Shows Edge Devices Are Becoming China-Nexus Relay InfrastructureFortiBleed Shows Firewall Credentials Are Ransomware FuelNetNut and Popa Takedown Shows Residential Proxies Are Now Attack InfrastructureVect and TeamPCP Show Supply-Chain Credentials Are Ransomware FuelOusaban Shows Banking Trojans Are Learning to Hide From SandboxesNUT upsmon Command Injection Shows UPS Monitoring Belongs in the Patch QueueARToken Shows Microsoft 365 Tokens Are the New BEC Control Plane

Category Archive

Iranian Cyber Threat Intelligence

24 reports · All intelligence

Iranian state and proxy cyber operations — hacktivist fronts, wipers, and ICS-focused activity, mapped to detectable behavior.

Chinese Cyber Threat Intelligence
Water Systems Are Becoming Nation-State Pressure Points
Chinese Cyber Threat Intelligence·

Water Systems Are Becoming Nation-State Pressure Points

Nation-state targeting of water systems shows why exposed OT, weak credentials, remote access, and poor IT/OT segmentation remain practical business risks—not just utility-sector problems.

Cyber Security Blog
MuddyWater’s Chaos Masquerade Shows Ransomware Response Needs Attribution Discipline
Cyber Security Blog·

MuddyWater’s Chaos Masquerade Shows Ransomware Response Needs Attribution Discipline

Iran-linked MuddyWater activity shows why ransomware response needs to examine identity compromise, remote access, and adversary objectives instead of trusting the ransom note at face value.

Cyber Security Blog
Handala’s Cal Water Claim Shows OT Defense Starts With Segmentation
Cyber Security Blog·

Handala’s Cal Water Claim Shows OT Defense Starts With Segmentation

Handala’s California Water Service claim is a reminder that critical-infrastructure defense starts with proving separation between billing systems, telemetry platforms, and operational technology.

Cyber Security Blog
Nimbus Manticore Shows Iranian APTs Are Moving Faster With AI-Assisted Tooling
Cyber Security Blog·

Nimbus Manticore Shows Iranian APTs Are Moving Faster With AI-Assisted Tooling

Check Point Research reports that IRGC-affiliated Nimbus Manticore resurfaced with fake Zoom and SQL Developer lures, SEO poisoning, AppDomain hijacking, and a new MiniFast backdoor. Here is what SMBs and government contractors should tighten first.

Cyber Security Blog
Screening Serpens Shows Recruiting Is Now an Espionage Attack Surface
Cyber Security Blog·

Screening Serpens Shows Recruiting Is Now an Espionage Attack Surface

Iran-nexus Screening Serpens used recruitment and meeting lures, new RAT variants, and .NET AppDomainManager hijacking. Here is what SMBs and government contractors should tighten now.

Iranian Cyber Threat Intelligence
FBI Alert: Iranian MOIS Hackers Weaponize Telegram as C2 Channel to Target Dissidents Worldwide
Iranian Cyber Threat Intelligence·

FBI Alert: Iranian MOIS Hackers Weaponize Telegram as C2 Channel to Target Dissidents Worldwide

The FBI has issued a critical alert warning that Iranian government hackers are weaponizing Telegram as a command and control (C2) channel to steal data from dissidents, opposition groups, and journalists who oppose the regime around the world. According to the FBI alert publishe

Iranian Cyber Threat Intelligence
FBI Confirms Handala Hackers Breached Director Patel’s Personal Email Account
Iranian Cyber Threat Intelligence·

FBI Confirms Handala Hackers Breached Director Patel’s Personal Email Account

Iran-linked hackers have successfully breached the personal email account of FBI Director Kash Patel, publishing photos, documents, and email correspondence in a significant escalation of cyber operations targeting senior U.S. government officials. The Handala Hack Team, a hackti

Iranian Cyber Threat Intelligence
Iranian Handala Hackers Breach FBI Director Kash Patel’s Personal Email, Leak Photos and Documents
Iranian Cyber Threat Intelligence·

Iranian Handala Hackers Breach FBI Director Kash Patel’s Personal Email, Leak Photos and Documents

Iran-linked hacking group Handala Hack Team has successfully breached the personal email account of FBI Director Kash Patel, publishing photographs and documents stolen from his inbox, according to The Guardian and confirmed by the FBI. Attack Details The breach was announced by

Iranian Cyber Threat Intelligence
FBI Alert: Iranian MOIS Hackers Weaponize Telegram for Global Espionage Against Dissidents
Iranian Cyber Threat Intelligence·

FBI Alert: Iranian MOIS Hackers Weaponize Telegram for Global Espionage Against Dissidents

The FBI has issued a public alert warning that Iranian government hackers affiliated with the Ministry of Intelligence and Security (MOIS) are actively weaponizing Telegram as a command-and-control (C2) platform to conduct espionage operations against dissidents, opposition group

Iranian Cyber Threat Intelligence
Iranian Handala Hackers Breach FBI Director Kash Patel’s Personal Email Account
Iranian Cyber Threat Intelligence·

Iranian Handala Hackers Breach FBI Director Kash Patel’s Personal Email Account

In a significant escalation of Iranian cyber operations against U.S. government officials, the Iran-linked hacktivist group Handala has successfully compromised the personal email account of FBI Director Kash Patel. The breach, confirmed by the FBI on March 27, 2026, resulted in

Iranian Cyber Threat Intelligence
CanisterWorm Wiper Weaponizes Trivy Supply Chain to Target Iran
Iranian Cyber Threat Intelligence·

CanisterWorm Wiper Weaponizes Trivy Supply Chain to Target Iran

A cybercrime group is attempting to leverage the ongoing US-Iran conflict by deploying a destructive wiper malware that specifically targets systems configured for Iranian users, according to new research from Krebs on Security and Aikido. TeamPCP Launches Iran-Targeting Wiper Th

Iranian Cyber Threat Intelligence
FBI Flash Alert: Iranian Handala Hackers Weaponize Telegram for Malware C2 Operations
Iranian Cyber Threat Intelligence·

FBI Flash Alert: Iranian Handala Hackers Weaponize Telegram for Malware C2 Operations

The FBI has issued a flash alert warning network defenders that Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) are actively using Telegram as command-and-control (C2) infrastructure in malware attacks targeting journalists, dissidents, and opposition g

Iranian Cyber Threat Intelligence
Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization
Iranian Cyber Threat Intelligence·

Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization

A comprehensive analysis by Unit 42 reveals a fundamental shift in Iranian cyber operations: state-aligned threat actors are abandoning custom malware in favor of weaponizing enterprise administrative tools to achieve unprecedented scale and stealth. The Strategic Shift During re

Iranian Cyber Threat Intelligence
Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination
Iranian Cyber Threat Intelligence·

Iranian Threat Actors Target Hikvision and Dahua IP Cameras for Kinetic Strike Coordination

As Iran-Israel-US military operations escalate in the Middle East, Check Point Research and Tenable have identified a significant surge in Iranian threat actors targeting IP cameras manufactured by Hikvision and Dahua. The activity, which began spiking on February 28, 2026, coinc

Iranian Cyber Threat Intelligence
Pro-Iranian Hackers Expand Targeting of US Critical Infrastructure as Cyber Chaos Escalates
Iranian Cyber Threat Intelligence·

Pro-Iranian Hackers Expand Targeting of US Critical Infrastructure as Cyber Chaos Escalates

Pro-Iranian hackers are expanding their operations beyond the Middle East and increasingly targeting critical infrastructure in the United States, according to cybersecurity experts and recent incidents. The attacks represent a significant escalation in Iran’s cyber warfare capab

Iranian Cyber Threat Intelligence
Iranian Handala Hacktivists Deploy Wiper Malware Against Medical Device Giant Stryker
Iranian Cyber Threat Intelligence·

Iranian Handala Hacktivists Deploy Wiper Malware Against Medical Device Giant Stryker

Iran-linked hacktivist group Handala has claimed responsibility for a devastating wiper malware attack against Stryker Corporation, a Fortune 500 medical technology company with over 53,000 employees and $22.6 billion in annual sales. Attack Scale and Impact According to Handala’

Iranian Cyber Threat Intelligence
Iranian MOIS Cyber Actors Embrace Criminal Ecosystem: From Rhadamanthys to Ransomware Affiliates
Iranian Cyber Threat Intelligence·

Iranian MOIS Cyber Actors Embrace Criminal Ecosystem: From Rhadamanthys to Ransomware Affiliates

A new Check Point Research report reveals that Iranian Ministry of Intelligence and Security (MOIS)-linked threat actors are increasingly engaging with the cybercrime ecosystem, moving beyond mere imitation to directly leveraging criminal tools, services, and affiliate-style rela

Iranian Cyber Threat Intelligence
Seedworm APT Deploys Dindoor and Fakeset Backdoors Inside US Critical Infrastructure Networks
Iranian Cyber Threat Intelligence·

Seedworm APT Deploys Dindoor and Fakeset Backdoors Inside US Critical Infrastructure Networks

Iran’s Seedworm APT group (also known as MuddyWater) has established persistent access inside the networks of multiple US organizations since early February 2026, deploying two previously unknown malware implants as geopolitical tensions between the US and Iran escalate. New Back

Iranian Cyber Threat Intelligence
60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes
Iranian Cyber Threat Intelligence·

60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes

In the largest single-event activation of Iranian-aligned cyber actors ever documented, more than 60 pro-Iranian hacktivist groups became active on Telegram within hours of the February 28 US-Israel military strikes on Iran. Armed with AI tools and targeting over 40,000 internet-

Iranian Cyber Threat Intelligence
Iranian Cyber Threats Intensify: APT Groups and Hacktivists Target U.S. and Allied Infrastructure
Iranian Cyber Threat Intelligence·

Iranian Cyber Threats Intensify: APT Groups and Hacktivists Target U.S. and Allied Infrastructure

Executive Summary As hostilities between Iran and the U.S./Israeli-led coalition escalate, threat intelligence indicates Iranian-aligned cyber actors pose an elevated near-term risk to organizations across North America and allied nations. These actors have a well-documented hist

Iranian Cyber Threat Intelligence
Seedworm APT Targets US Banks and Airports with New Dindoor and Fakeset Backdoors
Iranian Cyber Threat Intelligence·

Seedworm APT Targets US Banks and Airports with New Dindoor and Fakeset Backdoors

Iranian state-sponsored hackers have maintained persistent access inside multiple US critical infrastructure networks since early February 2026, establishing footholds that security researchers warn could enable devastating attacks amid escalating geopolitical tensions in the Mid

Iranian Cyber Threat Intelligence
Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout
Iranian Cyber Threat Intelligence·

Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout

The elusive Iranian threat group known as Infy (also tracked as Prince of Persia) has evolved its tactics and deployed new command-and-control infrastructure, resuming operations precisely when Iran’s government-imposed internet blackout ended in late January 2026. Operational Ti

Iranian Cyber Threat Intelligence
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
Iranian Cyber Threat Intelligence·

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

By Tom Fakterman, Daniel Frank and Jerome Tujague READ ARTICLE Executive Summary This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sands

Iranian Cyber Threat Intelligence
Iran’s APT33 targets US defense contractors with novel malware
Iranian Cyber Threat Intelligence·

Iran’s APT33 targets US defense contractors with novel malware

https://www.scmagazine.com/news/iranian-threat-group-apt33-targets-us-defense-contractors-with-novel-malware