Tag: iran
-
California water utility probes breach claim by Iran-linked actor
The group Handala said it attacked one of the nation’s largest water companies. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/california-water-utility-breach-iran-hacker/823148/
-
UK critical infrastructure hit by 200 cyber incidents in a year, agency says
Head of National Cyber Security Centre says UK in ‘ongoing contest with capable adversaries’ and AI could add to threat. The UK’s critical national infrastructure has been hit by more than 200 cyber incidents over the past year and state-linked assailants were behind three-quarters of the attacks, according to the state cybersecurity body. Richard Horne, the chief…
-
Is Europe Asleep on Cyberattacks Against Water Utilities?
When one thinks of cyberwar, water utilities rarely come to mind as a target. In recent years, however, and particularly in connection with the wars in Ukraine and Iran, they have been among the critical infrastructure sectors most in focus. Management Summary Water utilities are increasingly coming into the crosshairs… First…
-
Iran-linked group Handala claims to steal Cal Water customer info
First seen on scworld.com Jump to article: www.scworld.com/news/iran-linked-group-handala-claims-to-steal-cal-water-customer-info
-
Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it…
-
Handala Claims Israeli Radar Hack, But Evidence Shows Phone Admin Panel
An Iranian-linked hacker group called Handala claimed to have hit Israeli military targets with massive cyberattacks on Sunday,… First seen on hackread.com Jump to article: hackread.com/handala-israeli-radar-hack-evidence-phone-admin-panel/
-
Iran Signed a Ceasefire, Its Hackers Didn’t
An extension of the Geneva Conventions could impose restrictions on cyberwarfare under ceasefire conditions and close a major loophole in international conflict. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-signed-ceasefire-hackers
-
U.S. sanctions Iran’s largest crypto exchange Nobitex for facilitating terrorism financing
First seen on scworld.com Jump to article: www.scworld.com/brief/u-s-sanctions-irans-largest-crypto-exchange-nobitex-for-facilitating-terrorism-financing
-
Cryptohack Roundup: US Strikes Iran’s Crypto Network
Also: Former Hodlnaut CEO Charged and Stake DAO Hit by Exploit. Every week, ISMG rounds up cybersecurity incidents in digital assets. This week, the U.S. sanctioned Iran’s largest exchange, ex-Hodlnaut CEO faced charges, the U.S. Securities and Exchange Commission sued over a $12.3M AI crypto scam and exploits hit Gravity Bridge, Stake DAO and Gnosis…
-
U.S. sanctions Nobitex crypto exchange used by Iranian ransomware actors
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/
-
The U.S. sanctions Nobitex crypto exchange used by ransomware
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran’s largest cryptocurrency exchange, for facilitating payments related to terrorist activities. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/the-us-sanctions-nobitex-crypto-exchange-used-by-ransomware/
-
Tank level gauges at gas stations publicly reachable over the internet
In mid-May, CNN reported on a suspicion held by US authorities. According to it, actors linked to Iran are said to have attacked automatic tank gauges (ATGs) at gas stations in the USA. In doing so, the attackers were able to access devices that were reachable over the internet and not protected by passwords, and to change displayed values. Although…
-
Seizure of Worktitans servers disrupts Iran’s cyber operations
At the end of May, Dutch investigators from the Financial Crime investigation of Netherlands (FIOD) seized around 800 servers in data centers near Dronten and Schiphol-Rijk. The target was the hosting provider Worktitans B.V., which at first glance looked like any other internet infrastructure company. What the investigators uncovered, however, was far more significant: an operation that, on sanctioned infrastructure…
-
Iranian Hackers Hijack AppDomainManager to Bypass EDR
Iran-linked hackers have upgraded their tradecraft by using AppDomainManager hijacking in .NET applications to turn off security telemetry before malicious code fully starts, making it much harder for endpoint detection and response tools to spot the attack. The campaign, attributed to the Iran-nexus group Screening Serpens, pairs this technique with DLL sideloading, fake job lures, and staged…
-
Iran-Linked Hackers Wipe IT and Recovery Systems in Middle East Cyberattack
Iran-linked hackers have launched a destructive cyber campaign that wipes IT, backup, and recovery systems at multiple organizations in the Middle East and beyond, severely undermining victims’ ability to restore operations after an attack. Evidence ties the operation to the long-running Iranian threat group Black Shadow, believed to work on behalf of Iran’s Ministry of…
-
LA Metro Hack Was Part of an Iranian Campaign
Ababil of Minab Claimed Hacktivism, But Research Points to Iran. Researchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/la-metro-hack-was-part-iranian-campaign-a-31781
-
Internet Starts to Return in Iran After 3-Month Blackout
Some internet connectivity is returning in Iran after nearly 90 days offline, web monitoring groups say. But it isn’t clear if the reconnection is permanent. First seen on wired.com Jump to article: www.wired.com/story/internet-in-iran-starts-to-return-after-3-month-blackout/
-
Iranian government, not hacktivist group, breached LA Metro system, security firm says
A report by Israel-based Gambit Security dismisses the hackers’ claims of being patriotic but unaffiliated activists. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iranian-government-not-hacktivist-group-breached-la-metro-system-securit/821112/
-
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026. The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon…
-
Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
An Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/26/iranian-hackers-blamed-for-breach-of-los-angeles-transit-system-that-took-weeks-to-recover/
-
Iran-Linked Hackers Target US Aviation with Phishing and SEO Poisoning Campaign
Iran’s Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iranian-hackers-us-aviation/
-
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have…
-
Iranian Hackers Deploy MiniFast and MiniJunk V2 via Phishing and SEO Poisoning
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026. The activity, besides embracing…

