Tag: iran
-
CRESCENTHARVEST Malware Campaign Uses Iran Protest Lures to Deploy Info-Stealing RAT
A new malware campaign, dubbed CRESCENTHARVEST, abuses the ongoing Iran protest narrative to deliver a powerful information-stealing remote access trojan (RAT) against Farsi-speaking users. The operation appears tailored to supporters of the protests and other Iran-focused audiences, with a clear focus on long-term surveillance rather than short-lived disruption. The campaign surfaced shortly after January 9…
-
New CRESCENTHARVEST Malware Targets Iranian Dissidents
The post New CRESCENTHARVEST Malware Targets Iranian Dissidents appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-crescentharvest-malware-targets-iranian-dissidents/
-
Fresh Cyberespionage Operation Tied to Iranian Surveillance
Malware Campaign Uses Lures With Positive Portrayal of Anti-Tehran Protests. A new malware campaign is using a positive-sounding report into the recent protests in Iran, accompanied by real photos and videos, as lures in an apparent cyberespionage operation designed to conduct surveillance of dissident researchers and global communities, warn security researchers. First seen on govinfosecurity.com…
-
Hackers target supporters of Iran protests in new espionage campaign
The campaign began in early January, shortly after mass nationwide demonstrations erupted across Iran calling for an end to the Islamic Republic system. First seen on therecord.media Jump to article: therecord.media/hackers-target-iran-protest-supporters-cyber-campaign
-
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG). The tech giant’s threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense…
-
Iran’s Digital Surveillance Machine Is Almost Complete
After more than 15 years of draconian measures, culminating in an ongoing internet shutdown, the Iranian regime seems to be staggering toward its digital surveillance endgame. First seen on wired.com Jump to article: www.wired.com/story/irans-digital-surveillance-machine-is-almost-complete/
-
Cryptohack Roundup: Step Finance, CrossCurve Exploits
Also: US Sanctions UK-Registered Exchanges Over Iran Ties. This week, Step Finance and CrossCurve hacks, the United States sanctioned U.K.-registered exchanges over Iran ties, forfeiture finalization of funds linked to Helix, Coinbase data breach, 2025’s illicit crypto flows and a UK regulator banned Coinbase ads. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/cryptohack-roundup-step-finance-crosscurve-exploits-a-30685
-
Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends
The elusive Iranian threat group known as Infy (aka Prince of Persia) has evolved its tactics as part of efforts to hide its tracks, even as it readied new command-and-control (C2) infrastructure coinciding with the end of the widespread internet blackout the regime imposed at the start of the month. “The threat actor stopped maintaining its…
-
Protests Don’t Impede Iranian Spying on Expats, Syrians, Israelis
Iranian threat actors have been stealing credentials from people of interest across the Middle East, using spear-phishing and social engineering. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-spies-expats-syrians-israelis
-
Exclusive: US used cyber weapons to disrupt Iranian air defenses during 2025 strikes
The U.S. military digitally disrupted Iranian air missile defense systems during its operation last year against the country’s nuclear program, some of the most sophisticated action Cyber Command has taken to date against Iran. First seen on therecord.media Jump to article: therecord.media/iran-nuclear-cyber-strikes-us
-
AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters
The post AI-Coded Oppression: “RedKitten” Malware Targets Iranian Protesters appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ai-coded-oppression-redkitten-malware-targets-iranian-protesters/
-
Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It’s said to coincide with the nationwide unrest in Iran that began towards the end…
-
TAMECAT PowerShell Backdoor Targets Edge and Chrome: Login Credentials At Risk
Tags: backdoor, browser, chrome, credentials, cyber, defense, espionage, government, hacking, iran, login, microsoft, powershell, risk
TAMECAT is a sophisticated PowerShell-based backdoor linked to APT42, an Iranian state-sponsored hacking group. It steals login credentials from Microsoft Edge and Chrome browsers while evading detection. Security researchers from Israel’s National Digital Agency detailed its modular design in recent SpearSpecter campaign analysis. APT42 deploys TAMECAT in long-term espionage operations against senior defense and government…
-
New AI-Developed Malware Campaign Targets Iranian Protests
The RedKitten campaign distributes lures designed to target people seeking information about missing persons or political dissidents in Iran. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-malware-redkitten-iranian/
-
Germany and Israel Pledge Cybersecurity Alliance
Berlin Readies Legislation Authorizing More Aggressive Stance in Cyberspace. Germany wants to drastically step up defenses against cyberattacks from foes such as Russia, China, Iran and North Korea, and it’s looking to key ally Israel for lessons and cooperation. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/germany-israel-pledge-cybersecurity-alliance-a-30568
-
Hacktivists hijacked Iran’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi
Activists hacked Iran’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against the Islamic Republic. Pahlavi’s media team also shared the footage of the hack. “Several Iranian…
-
Iran’s internet shutdown is now one of its longest ever, as protests continue
Iran’s government-imposed internet shutdown enters its second week as authorities continue their violent crackdown on protesters. First seen on techcrunch.com Jump to article: techcrunch.com/2026/01/15/irans-internet-shutdown-is-now-one-of-its-longest-ever-as-protests-continue/
-
Iran’s partial internet shutdown may be a windfall for cybersecurity intel
only available launchpads. A connection from the Ministry of Agriculture might not be a farmer. It’s likely a tunnel for a state actor who needs an exit node.” Ranjbar said the removal of the traffic from millions of routine Iranian business and residential users allows a powerful visibility into Iranian government traffic patterns, thereby allowing SOCs…
-
Internet monitoring experts say Iran blackout likely to continue
Several internet access monitors tracking the situation said the government has continued the total internet shutdown and plans to implement a whitelist of limited, approved sites, indicating the internet blackout is likely to continue for several more days. First seen on therecord.media Jump to article: therecord.media/internet-monitoring-experts-say-iran-blackouts-continue
-
Illicit Crypto Economy Surges Amid Increased Nation-State Activity
Cybercriminal cryptocurrency transactions totaled billions in 2025, with activity from sanctioned countries like Russia and Iran causing the largest jump. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/illicit-crypto-economy-surges-nation-states
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
Dobrindt: More Cooperation with Israel for Germany’s Security
Germany and Israel have concluded a cyber and security pact. In view of the growing threat of attacks, the Federal Republic wants to expand its cooperation with Israel in the security field. The aim is more protection for Germany, said Federal Interior Minister Alexander Dobrindt (CSU) during a visit to Israel. Together with Israeli Prime Minister Benjamin Netanyahu, he signed a cyber and security pact. Specifically, it concerns…
-
ICE Can Now Spy on Every Phone in Your Neighborhood
Plus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-ice-can-now-spy-on-every-phone-in-your-neighborhood/
-
Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood
Plus: Iran shuts down its internet amid sweeping protests, an alleged scam boss gets extradited to China, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-ice-can-now-spy-on-every-phone-in-your-neighborhood/
-
MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors
The Iranian threat actor known as MuddyWater has been attributed to a spear-phishing campaign targeting diplomatic, maritime, financial, and telecom entities in the Middle East with a Rust-based implant codenamed RustyWater. “The campaign uses icon spoofing and malicious Word documents to deliver Rust based implants capable of asynchronous C2, anti-analysis, registry persistence, and modular First seen…

