Tag: iran
-
BSidesSF 2025: WHOIS Your Daddy: Tracking Iranian-Backed Cyber Operations With Passive DNS
Creator, Author and Presenter: Austin Northcutt. Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
Hackers Lay in Wait, Then Knocked Out Iran Ship Comms
Lab-Dookhtegan claims a major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on the US sanctions list. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/hackers-knocked-out-iran-ship-comms
-
Hackers Disrupt Iranian Ships via Maritime Communication Terminals Exploiting MySQL Database
The National Iranian Tanker Company (NITC) and Islamic Republic of Iran Shipping Lines (IRISL), two sanctioned companies, operate the 64 vessels (39 tankers and 25 cargo ships) that were compromised in a targeted attack on Iran’s maritime infrastructure by the hacking collective Lab-Dookhtegan. Rather than attempting direct breaches of individual ships, which are…
-
MuddyWater APT Targets CFOs via OpenSSH; Enables RDP and Scheduled Tasks
A sophisticated spear-phishing campaign attributed to the Iranian-linked APT group MuddyWater is actively compromising CFOs and finance executives across Europe, North America, South America, Africa, and Asia. The attackers impersonate recruiters from Rothschild & Co, deploying Firebase-hosted phishing pages that incorporate custom math-based CAPTCHA challenges to evade detection and lend legitimacy. These lures lead victims…
-
Russia-linked European attacks renew concerns over water cybersecurity
Water utilities should remain vigilant: Although most water facility operators have received repeated warnings over the years that they are desirable targets for Russian, Iranian, and Chinese threat actors, experts say these latest incidents underscore the need to remain vigilant and step up security efforts. If water assets owners have “any kind of control system online,…
-
DEF CON volunteers step up to help water sector after China, Iran attack utilities
The DEF CON Franklin project paired volunteer cybersecurity experts with water utilities in four states, hardening their systems against potential nation-state threats. The founders expect that the model can work on a larger scale. First seen on therecord.media Jump to article: therecord.media/def-con-franklin-water-utility-cybersecurity-volunteers
-
IRGC-Linked Hackers Target Financial, Government, and Media Organizations
A sophisticated network of hackers with ties to Iran’s Islamic Revolutionary Guard Corps (IRGC) unleashed a barrage of cyber-operations designed to disrupt adversaries, steal sensitive data, and propagate ideological narratives. SecurityScorecard’s STRIKE threat intelligence team analyzed over 250,000 messages from 178 active groups, revealing a highly coordinated digital campaign that mirrored military actions on the…
-
Pro-Iran Hackers Aligned Cyber with Kinetic War Aims
SecurityScorecard analysis highlights wide variety of Iranian threat actors and coordination with military activity First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/proiran-hackers-aligned-cyber/
-
32% of exploited vulnerabilities are now zero-days or 1-days
Russian and Iranian threat activity rises: The security industry attributes only some of the newly discovered exploits to known attacker groups, and only some of those groups have known countries of origin. As a result, statistics on the origin of attacks are not perfect. During the first half of 2025, 181 of the CVEs added to the…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 55
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Uncovering a Stealthy WordPress Backdoor in mu-plugins NPM package ‘is’ with 2.8M weekly downloads infected devs with malware Coyote in the Wild: First-Ever […]…
-
DCHSpy Android Spyware Linked to Iran’s MuddyWater APT, Targets Geopolitical Foes with Starlink Lures
The post DCHSpy Android Spyware Linked to Iran’s MuddyWater APT, Targets Geopolitical Foes with Starlink Lures appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/dchspy-android-spyware-linked-to-irans-muddywater-apt-targets-geopolitical-foes-with-starlink-lures/
-
Apple alerted Iranians to iPhone spyware attacks, say researchers
Researchers say Apple sent out threat notifications to several Iranians in recent months, saying their iPhones had been hacked. Iran is likely behind the attacks. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/22/apple-alerted-iranians-to-iphone-spyware-attacks-say-researchers/
-
New DCHSpy Android Malware Targets WhatsApp, Call Logs, Audio, and Photos
Security researchers at Lookout have identified four novel samples of DCHSpy, an advanced Android surveillanceware attributed to the Iranian threat actor group MuddyWater, believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). These samples emerged approximately one week following the onset of the Israel-Iran conflict, highlighting the rapid adaptation of malware tooling…
-
After website hack, Arizona election officials unload on Trump’s CISA
As the state responded to a pro-Iranian attack, officials tell CyberScoop that it avoided reaching out to the federal agency, partly because it has been “politicized and weakened” under the president. First seen on cyberscoop.com Jump to article: cyberscoop.com/arizona-secretary-of-state-website-hack-candidate-portal-criticizes-cisa/
-
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed that Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in…
-
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it…
-
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hackers-new-android-spyware/
-
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said. First seen on therecord.media Jump to article:…
-
Four new Android spyware samples linked to Iran’s intel agency
Persians added snooping capabilities to DCHSpy after Israeli bombs fell First seen on theregister.com Jump to article: www.theregister.com/2025/07/21/muddywaters_android_iran/
-
Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics
Iranian state-backed Advanced Persistent Threat (APT) groups and their hacktivist allies have stepped up operations that could spark worldwide cyber retaliation in the wake of Israeli and American strikes on Iranian nuclear and military facilities in June 2025. While kinetic conflicts remain contained, the cyber domain has seen a surge in preparatory activities targeting U.S.…
-
Iranian Threat Actors Target U.S. Critical Infrastructure, Including Water Systems
Iran’s Islamic Revolutionary Guard Corps (IRGC) has increased its asymmetric cyber operations in response to recent U.S. attacks on Iranian nuclear sites. Intelligence Group 13 has emerged as a major aggressor in attacking critical infrastructure in the United States. This elite unit, embedded within the Shahid Kaveh Cyber Group, operates at the nexus of tactical…
-
Iran seeks at least three cloud providers to power its government
Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing First seen on theregister.com Jump to article: www.theregister.com/2025/07/14/iran_cloud_panel_evaluation/
-
Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel
The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/pay2key-ransomware-gang-incentives-attack-us-israel
-
Iranian APT Hackers Targeting Transportation and Manufacturing Sectors in Active Attacks
Nozomi Networks Labs cybersecurity researchers have reported a startling 133% increase in cyberattacks linked to well-known Iranian advanced persistent threat (APT) groups in May and June 2025, following current tensions with Iran. This uptick aligns with warnings from U.S. authorities, including a June 30th Fact Sheet from the Cybersecurity and Infrastructure Security Agency (CISA) and…
-
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S. The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm).”…
-
MPs Warn of “Significant” Iranian Cyber-Threat to UK
The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mps-warn-iranian-threat/
-
Iranian APTs increased activity against US industries in late spring, researchers say
Iranian advanced persistent threat (APT) groups, including those tracked as MuddyWater and APT33, appeared to launch more attacks against U.S. industrial entities in May and June, according to a report from Nozomi Networks. First seen on therecord.media Jump to article: therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
-
Iran-linked hackers target US transportation, manufacturing firms
United States authorities have been warning of potential state-linked or hacktivist threats since the U.S. intervened in the Israel-Iran war. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iranian-hackers-us-transportation-manufacturing-israel-nozomi/752612/