Tag: iran

Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Nov 19, 2025 5:49 AM

Tags: apt, iran

The post Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-unc1549-infiltrates-aerospace-by-hijacking-trusted-dlls-and-executing-vdi-breakouts/
Google Finds New Malware Backdoors Linked to Iran

Nov 18, 2025 11:49 PM

Tags: backdoor, defense, google, group, hacking, iran, malware, middle-east

Hacking Group Deploys Raft of Custom Malware Variants. An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps. First seen…
Iran-Nexus Threat Actor UNC1549 Takes Aim at Aerospace

Nov 18, 2025 11:49 PM

Tags: defense, iran, threat

Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/iran-nexus-threat-actor-unc1549-takes-aim-aerospace
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Nov 18, 2025 4:49 PM

Tags: attack, backdoor, defense, espionage, google, hacker, iran, malware, mandiant, threat

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
UNC1549 Hackers With Custom Tools Attacking Aerospace and Defense Systems to Steal Logins

Nov 18, 2025 9:49 AM

Tags: attack, cyber, defense, espionage, group, hacker, iran, login, threat, tool

The Iran-nexus cyber espionage group UNC1549 has significantly expanded its arsenal of custom tools and sophisticated attack techniques in an ongoing campaign targeting aerospace, aviation, and defense industries since mid-2024, according to new findings from Mandiant. The threat actor, which overlaps with Tortoiseshell and has suspected links to Iran’s Islamic Revolutionary Guard Corps (IRGC), demonstrates…
Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Nov 18, 2025 1:49 AM

Tags: apt, backdoor, defense, iran

The post Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-apt-spearspecter-uses-weeks-long-whatsapp-lures-and-fileless-tamecat-backdoor-to-hit-defense/
Iranian Hackers Use SpearSpecter to Target Senior Government Leaders

Nov 17, 2025 11:50 PM

Tags: government, hacker, iran, social-engineering

An Iranian campaign called SpearSpecter is quietly targeting senior officials with tailored social engineering and fileless malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-hackers-use-spearspecter-to-target-senior-government-leaders/
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials

Nov 17, 2025 2:49 PM

Tags: cyber, defense, espionage, government, group, intelligence, iran, social-engineering, threat

Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials

Nov 17, 2025 2:49 PM

Tags: cyber, defense, espionage, government, group, intelligence, iran, social-engineering, threat

Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

Nov 14, 2025 4:49 PM

Tags: defense, espionage, government, hacker, iran, spy, threat

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign.The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA).”The…
Iranian Cyber Espionage: Proofpoint Uncovers UNK_SmudgedSerpent

Nov 10, 2025 11:19 PM

Tags: cyber, espionage, exploit, iran

Proofpoint uncovered UNK_SmudgedSerpent, an Iranian-linked espionage campaign that exploits trust and blurs attribution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-cyber-espionage-proofpoint-uncovers-unk_smudgedserpent/
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
UNK_SmudgedSerpent Targets Academics With Political Lures

Nov 5, 2025 5:19 PM

Tags: cyber, group, iran, malware, phishing

A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/unksmudgedserpent-targets-academics/
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Elusive Iranian APT Phishes Influential US Policy Wonks

Nov 5, 2025 11:19 AM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Elusive Iranian APT Phishes Influential US Policy Wonks

Nov 5, 2025 11:19 AM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Data Leak Outs Hacker Students of Iran’s MOIS Training Academy

Oct 30, 2025 8:19 PM

Tags: data, hacker, iran, leak, training

Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Hacker Students of Iran’s MOIS Training Academy

Oct 30, 2025 8:19 PM

Tags: data, hacker, iran, leak, training

Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Students of Iran’s MOIS Training Academy

Oct 30, 2025 4:19 PM

Tags: data, hacker, iran, leak, training

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Students of Iran’s MOIS Training Academy

Oct 30, 2025 4:19 PM

Tags: data, hacker, iran, leak, training

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy