Tag: iran

APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
UNK_SmudgedSerpent Targets Academics With Political Lures

Nov 5, 2025 5:19 PM

Tags: cyber, group, iran, malware, phishing

A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/unksmudgedserpent-targets-academics/
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Elusive Iranian APT Phishes Influential US Policy Wonks

Nov 5, 2025 11:19 AM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Elusive Iranian APT Phishes Influential US Policy Wonks

Nov 5, 2025 11:19 AM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Data Leak Outs Hacker Students of Iran’s MOIS Training Academy

Oct 30, 2025 8:19 PM

Tags: data, hacker, iran, leak, training

Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Hacker Students of Iran’s MOIS Training Academy

Oct 30, 2025 8:19 PM

Tags: data, hacker, iran, leak, training

Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Students of Iran’s MOIS Training Academy

Oct 30, 2025 4:19 PM

Tags: data, hacker, iran, leak, training

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Data Leak Outs Students of Iran’s MOIS Training Academy

Oct 30, 2025 4:19 PM

Tags: data, hacker, iran, leak, training

A school for the Iranian state hackers of tomorrow has itself, ironically, been hacked. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
The Shadow War: Predatory Sparrow vs. Iran’s Infrastructure

Oct 28, 2025 3:26 PM

Tags: cyber, infrastructure, iran

Inside the cyber shadow war where Predatory Sparrow targets Iran’s vital systems. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/the-shadow-war-predatory-sparrow-vs-irans-infrastructure/
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations

Oct 28, 2025 2:26 PM

Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threat

Advanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
MuddyWater’s Phoenix Backdoor Infects More Than 100 Government Organizations

Oct 28, 2025 2:26 PM

Tags: attack, backdoor, cyber, espionage, government, group, intelligence, international, iran, middle-east, phishing, threat

Advanced Persistent Threat (APT) MuddyWater has orchestrated a sophisticated phishing campaign targeting over 100 government entities across the Middle East, North Africa, and international organizations worldwide. Group-IB Threat Intelligence has attributed the campaign to the Iran-linked threat actor with high confidence, revealing an alarming escalation in the group’s espionage capabilities and operational sophistication. The attack…
Iranian Intel-Linked Cybersecurity School Hit by Data Breach

Oct 27, 2025 11:26 PM

Tags: breach, cyber, cybersecurity, data, data-breach, intelligence, iran

Ravin Academy Records Reveal Identities of More Than 1,000 Participants. A public database of internal records from Iran’s Ravin Academy – a cyber school linked to the Ministry of Intelligence – has been published online, exposing potentially sensitive data on over 1,000 trainees, including individuals reportedly tied to Western institutions. First seen on govinfosecurity.com Jump…
Iran’s school for cyberspies could’ve used a few more lessons in preventing breaches

Oct 27, 2025 8:26 PM

Tags: breach, data, iran

Ravin Academy confirms the intrusion on Telegram, says student data was stolen First seen on theregister.com Jump to article: www.theregister.com/2025/10/27/breach_iran_ravin_academy/
Breach at Iran’s cyberspy factory results in leak of student data

Oct 27, 2025 6:26 PM

Tags: breach, data, iran, leak

Ravin Academy confirms the intrusion on Telegram, says investigation continues First seen on theregister.com Jump to article: www.theregister.com/2025/10/27/breach_iran_ravin_academy/
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Critical Infrastructure

Oct 27, 2025 12:26 PM

Tags: cyber, cyberattack, cybercrime, data, finance, group, infrastructure, iran, service, threat

A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional cybercriminal operations focused on financial gain, this group executes highly disruptive campaigns designed to cripple essential services, destroy sensitive data, and send provocative political messages. Security…
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Critical Infrastructure

Oct 27, 2025 12:26 PM

Tags: cyber, cyberattack, cybercrime, data, finance, group, infrastructure, iran, service, threat

A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional cybercriminal operations focused on financial gain, this group executes highly disruptive campaigns designed to cripple essential services, destroy sensitive data, and send provocative political messages. Security…
Predatory Sparrow Strikes: Coordinated Cyberattacks Seek to Cripple Critical Infrastructure

Oct 27, 2025 12:26 PM

Tags: cyber, cyberattack, cybercrime, data, finance, group, infrastructure, iran, service, threat

A sophisticated cyber-sabotage group known as Predatory Sparrow has emerged as one of the most destructive threat actors targeting Iranian critical infrastructure over the past several years. Unlike traditional cybercriminal operations focused on financial gain, this group executes highly disruptive campaigns designed to cripple essential services, destroy sensitive data, and send provocative political messages. Security…
Iran’s MuddyWater wades into 100+ government networks in latest spying spree

Oct 24, 2025 8:26 AM

Tags: email, government, group, iran, middle-east, network, phishing, vpn

Group-IB says Tehran-linked crew used hijacked mailbox and VPN to sling phishing emails across Middle East First seen on theregister.com Jump to article: www.theregister.com/2025/10/24/iran_muddywater_campaign/
Iran’s MuddyWater wades into 100+ government networks in latest spying spree

Oct 24, 2025 8:26 AM

Tags: email, government, group, iran, middle-east, network, phishing, vpn

Group-IB says Tehran-linked crew used hijacked mailbox and VPN to sling phishing emails across Middle East First seen on theregister.com Jump to article: www.theregister.com/2025/10/24/iran_muddywater_campaign/