Tag: iran
-
Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iranian-pleads-guilty-to-robbinhood-ransomware-attacks-faces-30-years/
-
Iranian Cybergroup Toufan Targets Organizations to Steal Login Credentials
A pro-Palestinian cybergroup called Cyber Toufan, which means >>cyber storm,
-
Digitales Nomadentum: Mit dem Laptop um die Welt
Usbekistan, Georgien, Indien, Iran: Unsere Autorin lebt seit gut zehn Jahren als digitale Nomadin. Ein Rückblick auf skurrile Jobs und technische Herausforderungen. First seen on golem.de Jump to article: www.golem.de/news/digitales-nomadentum-mit-dem-laptop-um-die-welt-2505-195359.html
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-dayTrade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies.”Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered Registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
‘Lemon Sandstorm’ Underscores Risks to Middle East Infrastructure
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lemon-sandstorm-risks-middle-east-infrastructure
-
Iranian Cyber Espionage Uses Fake Modeling Agency for Targeted Attacks
Recently, researchers at Palo Alto Networks’ Unit 42 have uncovered a covert Iranian cyber-espionage campaign that employed a First seen on securityonline.info Jump to article: securityonline.info/iranian-cyber-espionage-uses-fake-modeling-agency-for-targeted-attacks/
-
Middle Eastern critical infrastructure targeted by long-term Iranian cyberattack
First seen on scworld.com Jump to article: www.scworld.com/brief/middle-eastern-critical-infrastructure-targeted-by-long-term-iranian-cyberattack
-
Iranian Hackers Breach Middle East Infrastructure
Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threatFortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284
-
Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-group-breaches-middle-eastern-critical-infrastructure-in-stealth-campaign/
-
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to February 2025, with evidence of compromise dating back to May 2021, this espionage-driven campaign employed…
-
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years.The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning a tactic often used to maintain persistent…
-
Iran claims to repel cyberattack on critical infrastructure
First seen on scworld.com Jump to article: www.scworld.com/news/iran-claims-to-repel-cyberattack-on-critical-infrastructure
-
Iran claims it stopped large cyberattack on country’s infrastructure
An Iranian state official said the country repelled “widespread and complex cyber attacks” on unspecified infrastructure over the weekend. First seen on therecord.media Jump to article: therecord.media/iran-cyberattack-national-infrastructure
-
Israel subjected to persistent targeting by Iranian hackers
First seen on scworld.com Jump to article: www.scworld.com/brief/israel-subjected-to-persistent-targeting-by-iranian-hackers
-
Erodiert die Security-Reputation der USA?
Tags: business, ceo, china, cisa, ciso, cybersecurity, cyersecurity, endpoint, exploit, germany, governance, government, intelligence, iran, kaspersky, north-korea, service, strategy, threat, usaTrump stiftet Verunsicherung auch wenn’s um Cybersicherheit geht.Nachdem US-Präsident Donald Trump nun auch Cybersicherheitsunternehmen per Executive Order für abweichende politische Positionen abstraft, befürchten nicht wenige Branchenexperten, dass US-Sicherheitsunternehmen künftig ähnlich in Verruf geraten könnten wie ihre russischen und chinesischen Konkurrenten. Die zentralen Fragen sind dabei:Können sich CISOs beziehungsweise ihre Unternehmen künftig noch auf US-amerikanische Bedrohungsinformationen…
-
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide
Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk”, and has already caused global disruption. First seen on wired.com Jump to article: www.wired.com/story/cyberav3ngers-iran-hacking-water-and-gas-industrial-systems/
-
Israel Enters ‘Stage 3’ of Cyber Wars With Iran Proxies
While Israel and Iranian proxies fight it out IRL, their conflict in cyberspace has developed in parallel. These days attacks have decelerated, but advanced in sophistication. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/israel-stage-3-cyber-wars-with-iran-proxies
-
Iran’s MOIS-Linked APT34 Spies on Allies Iraq & Yemen
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/irans-mois-linked-apt34-spies-allies-iraq-yemen
-
New IOCONTROL Malware Let Attackers Control Critical Infrastructure Gain Remote Access
A new malware strain called IOCONTROL has emerged, posing a significant threat to Internet of Things (IoT) devices and operational technology (OT) systems, particularly those in critical infrastructure. First observed in December 2024, IOCONTROL is allegedly created by the anti-Israeli and pro-Iranian hacktivist group >>Cyber Av3ngers.
-
Windows Shortcut-Exploit seit 2017 von staatlichen Hackers als 0-Day genutzt
Sicherheitsforscher der Trend Micro Zero Day Initiative (ZDI) weisen auf eine 0-Day-Schwachstelle ( ZDI-CAN-25373) in Windows hin, die wohl seit 2017 von 11 staatlich unterstützten Hackergruppen aus Nordkorea, Iran, Russland und China ausgenutzt wird. Microsoft hat die Schwachstelle in Verknüpfungsdateien … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/03/20/windows-shortcut-exploit-seit-2017-von-staatlichen-hackers-als-0-day-genutzt/
-
State-Backed Hackers Exploiting Windows Zero-Day Since 2017
At least 11 state-sponsored hacking groups from North Korea, Iran, Russia, and China have been actively exploiting a newly uncovered Windows zero-day vulnerability in cyber espionage and data theft attacks since 2017. Despite clear evidence of exploitation, Microsoft has declined… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/zdi-can-25373-zero-day-exploited-since-2017/
-
New Windows zero-day feared abused in widespread espionage for years
.The zero-day vulnerability, tracked as ZDI-CAN-25373, has yet to be publicly acknowledged and assigned a CVE-ID by Microsoft. ZDI-CAN-25373 has to do with the way Windows displays the contents of .lnk files, a type of binary file used by Windows to act as a shortcut to a file, folder, or application, through the Windows UI.A…
-
Hacker nutzen alte Windows-Sicherheitslücke aus Microsoft tut nichts
Tags: bug, bug-bounty, china, cyberattack, exploit, germany, hacker, iran, microsoft, military, north-korea, update, vulnerability, windowsExperten des Sicherheits-Unternehmens Trend Micro haben eine als ZDI-CAN-25373 bezeichnete Sicherheitslücke in Windows entdeckt, die Angreifer seit mindestens 2017 ausnutzen. Über die Lücke können die Angreifer Schadcode auf den betroffenen Windows-Rechnern ausführen, sofern der Benutzer eine verseuchte Webseite besucht oder eine infizierte Datei öffnet.Die Lücke steckt in der Vorgehensweise, wie Windows .lnk-Dateien (Verknüpfungsdateien) verarbeitet. Angreifer können Kommandozeilen-Befehle, die…
-
New Windows zero-day exploited by 11 state hacking groups since 2017
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
-
Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.The zero-day vulnerability, tracked by Trend Micro’s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad…
-
Groups From China, Russia, Iran Hitting OT Systems Worldwide
Threat Groups Are Mapping OT Networks for Future Targeting, Warns Dragos. A China-linked threat group called Voltzite is targeting operational technology systems at critical infrastructure organizations worldwide to steal network diagrams, OT operating instructions and information about geographic information systems, said cybersecurity firm Dragos. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/groups-from-china-russia-iran-hitting-ot-systems-worldwide-a-27722