Tag: iran
-
Pro-Iran crew turns DDoS into shakedown as Ubuntu.com stays down
313 Team tells Canonical: pay up or the packets keep coming First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/canonical_confirms_ubuntu_infrastructure_under/
-
ODNI to CISOs on threat assessments: You’re on your own
Tags: access, ai, china, ciso, computer, control, credentials, cyber, cybercrime, data, defense, detection, disinformation, encryption, finance, framework, government, healthcare, identity, infrastructure, intelligence, iran, jobs, korea, metric, resilience, risk, russia, service, strategy, technology, theft, threat, tool, warfare
The bifurcated framework: Operational reporting vs. homeland focus: The report now operates on two distinct tracks that risk narrowing the threat horizon for CROs. In a departure from traditional probabilistic forecasting, the IC has transitioned toward active operational reporting. This shift prioritizes immediate success metrics, such as a significant drop in border encounters and fentanyl…
-
Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats
US Marines stationed around the Persian Gulf have been receiving WhatsApp messages from strangers suggesting they call home and make their final goodbyes. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/iran-handala-hackers-leak-us-marines-data-chilling-whatsapp-threats
-
Researchers unearth industrial sabotage malware that predated Stuxnet by 5 years
fast16.sys, is briefly mentioned in the 2017 Shadow Brokers leak of documents covering exploits and tools used by US National Security Agency cyber teams. “This 2005 attack is a harbinger for sabotage operations targeting ultra expensive high-precision computing workloads of national importance like advanced physics, cryptographic, and nuclear research workloads,” the SentinelOne researchers said in their…
-
Why Sharing a Screenshot Can Get You Jailed in the UAE
The war in Iran has drawn attention to arrests in the United Arab Emirates over online content, but the legal framework behind that enforcement has existed for years. First seen on wired.com Jump to article: www.wired.com/story/why-sharing-a-screenshot-can-get-you-jailed-in-the-uae/
-
OilRig Hides C2 Config in Google Drive Image via LSB Steganography
APT-C-49 (OilRig), an Iranian state-sponsored advanced persistent threat group also known as APT34 and Helix Kitten, has deployed a sophisticated new attack campaign that conceals command-and-control configurations inside Google Drive images using LSB steganography. The group, which has been active since at least 2014, primarily targets government, energy, telecommunications, and financial sectors across the Middle…
-
Researchers Identify Fast16 Sabotage Malware That Pre-Dates Stuxnet
The “fast16” malware may have been used to target Iran’s nuclear program prior to Stuxnet First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fast16-sabotage-malware-winds/
-
Pre-Stuxnet Sabotage Malware ‘Fast16’ Linked to US-Iran Cyber Tensions
What happened: SentinelOne has uncovered Fast16, a Lua-based sabotage malware developed and deployed years before Stuxnet that was designed to tamper with high-precision calculation software used in civil engineering, physics, and physical process simulations. The malware was used in an attack in 2005 and was referenced in the ShadowBrokers’ 2016 leak of NSA offensive tools….The…
-
Researchers Uncover Pre-Stuxnet ‘fast16’ Malware Targeting Engineering Software
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran’s nuclear program by destroying uranium enrichment centrifuges. According to a new report published by SentinelOne, the previously undocumented cyber sabotage framework dates back to 2005, primarily targeting high-precision calculation software to tamper First seen on thehackernews.com…
-
Iran’s cyber threat may be less ‘shock and awe’ than ‘low and slow,’ officials say
Officials and experts believe the most likely threat from Iranian hackers is not a digital shock-and-awe campaign, but something quieter: opportunistic intrusions, dressed up to look bigger than they are. First seen on therecord.media Jump to article: therecord.media/iran-cyber-warfare-haugh
-
Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program, and Predates Stuxnet
Researchers have finally cracked Fast16, mysterious code capable of silently tampering with calculation and simulation software. It was created in 2005, and likely deployed by the US or an ally. First seen on wired.com Jump to article: www.wired.com/story/fast16-malware-stuxnet-precursor-iran-nuclear-attack/
-
The curious case of Sean Plankey’s derailed CISA nomination
Questions over who wanted Plankey blocked: On March 3, Ana Visneski, a former head of global disaster response at Amazon Web Services and former chief of digital media for the US Coast Guard, posted on Bluesky that she was “hearing from multiple sources” that Plankey “has been fired and escorted out of Coast Guard HQ…
-
Iran-nexus threat groups refine attacks against critical infrastructure
State-sponsored and hacktivist groups have shown greater determination to damage or disable energy, water and other key sectors. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iran-nexus-threat-groups-refine-attacks-against-critical-infrastructure/818299/
-
State cyber threats from Iran, China and Russia escalate – When cybercrime, hacktivism and state actors merge
First seen on security-insider.de Jump to article: www.security-insider.de/cyberbedrohungen-iran-china-russland-epic-fury-europa-a-40617db671cfd271259ab16626a2c21a/
-
Crypto scam lures ships into Strait of Hormuz, falsely promising safe passage
Ship attacked by Iran after possibly falling for safe passage crypto scam. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/crypto-scam-lures-ships-into-strait-of-hormuz-falsely-promising-safe-passage/
-
Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit
Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported. First seen on hackread.com Jump to article: hackread.com/bluesky-online-ddos-attack-iran-313-team/
-
Hackers Tie Iranian Espionage to CastleRAT and ChainShell
A direct operational link between Iran’s MuddyWater espionage group and the Russian TAG-150 CastleRAT malware-as-a-service (MaaS) platform, showing how state and criminal ecosystems are now tightly intertwined. Investigators recovered 15 malware samples, including at least two CastleRAT “builds” and a PowerShell script named reset.ps1 that deploys a previously undocumented JavaScript/Node.js agent dubbed ChainShell. On this server, two native…
-
Iran Alleges US Networking Gear Was Deliberately Disabled
Reports from Iranian state media claim that U.S.-manufactured networking gear ceased functioning at critical moments during military strikes. The allegations, which cannot be independently verified, claim there were simultaneous failures across routers and switches produced by Cisco, Fortinet, Juniper Networks, and MikroTik during attacks on Iranian infrastructure. According to accounts published by the Iranian Fars…
-
The thin gray line: Handala, CyberAv3ngers and Iran’s proxy ops
A state of perpetual interference: To understand how proxy insurgent groups such as Handala fit within Iran’s modern-day intelligence ecosystem, we first need to look at the historical development of the country’s intelligence operations. In 1953, the United States and Britain (via conduit operations of the CIA and MI6, respectively) instigated a coup in Iran that…
-
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its services for about 24 hours, starting on April 15. Bluesky is a decentralized, open-source microblogging social media platform similar to X (formerly Twitter). It allows users to post…
-
Iran claims US used backdoors to knock out networking equipment during war
And China is loving it First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/iran_claims_us_used_backdoors/
-
Iran’s MOIS Tied to Coordinated Cyber Campaign Using Multiple Hacker Personas
A single Iranian state-directed operation is hiding behind several so-called “hacktivist” brands, using different online identities to run one coordinated global cyber campaign. New analysis links three prominent personas (Homeland Justice, Karma/KarmaBelow80, and Handala) to Iran’s Ministry of Intelligence and Security (MOIS), rather than to independent hacktivist groups as they claim. Researchers say these identities act as interchangeable…
-
JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware
The post JUMPSEC Unmasks Iranian ‘Muddy Water’ Using Russian ‘CastleRAT’ Malware appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/muddy-water-castlerat-chainshell-malware-alliance/
-
News brief: Iranian cyberattacks target U.S. water, energy
Check out the latest security news from TechTarget SearchSecurity’s sister sites, Cybersecurity Dive and Dark Reading. First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366641657/News-brief-Iranian-cyberattacks-target-US-water-energy

