Tag: iran
-
Iranian APT ‘BladedFeline’ Remains Hidden in Networks for 8 Years
ESET researchers have uncovered the persistent activities of BladedFeline, an Iranian-aligned Advanced Persistent Threat (APT) group, which has maintained covert access to the networks of Kurdish and Iraqi government officials for nearly eight years. First identified in 2017 through attacks on the Kurdistan Regional Government (KRG), BladedFeline has since evolved into a sophisticated cyberespionage entity,…
-
Top US cyber officials face divergent paths after Senate confirmation
Tags: china, cisa, cyber, cybersecurity, government, incident, incident response, iran, jobs, russia, strategy, technology, threat
Divergent strategies moving forward: The road ahead appears paved with opportunity for Cairncross, while Plankey faces a narrower path of contraction and clean-up at CISA. “This is a perfect opportunity for the NCD [national cyber director] position to work,” Center on Cyber and Technology Innovation’s Montgomery said. “You have a National Security Council focused on the…
-
Iran-linked hackers target Kurdish and Iraqi officials in long-running cyberespionage campaign
The group has been operating since at least 2017, initially breaching systems belonging to the Kurdistan Regional Government, and has since expanded its reach to the Central Government of Iraq as well as a telecommunications provider in Uzbekistan. First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-target-kurdish-iraq-cyber-espionage
-
Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware
An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian nation-state cyber actor. It’s said to…
-
Iranian APT ‘BladedFeline’ Hides in Network for 8 Years
ESET published research on the Iranian APT BladedFeline, which researchers believe is a subgroup of the cyber-espionage entity APT34. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iranian-apt-bladedfeline-hides-network-8-years
-
Iranian Robbinhood Ransomware Operator Pleads Guilty in US City Attacks
Iranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019. First seen on hackread.com Jump to article: hackread.com/iran-robbinhood-ransomware-operator-guilty-city-attacks/
-
Meta’s Q1 2025 Report: Dismantling Covert Influence Campaigns from China, Iran, and Romania
The post Meta’s Q1 2025 Report: Dismantling Covert Influence Campaigns from China, Iran, and Romania appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/metas-q1-2025-report-dismantling-covert-influence-campaigns-from-china-iran-and-romania/
-
Meta stopped covert operations from Iran, China, and Romania spreading propaganda
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms. Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more. The social media giant pointed out that it…
-
A Hacker May Have Deepfaked Trump’s Chief of Staff in a Phishing Campaign
Plus: An Iranian man pleads guilty to a Baltimore ransomware attack, Russia’s nuclear blueprints get leaked, a Texas sheriff uses license plate readers to track a woman who got an abortion, and more. First seen on wired.com Jump to article: www.wired.com/story/trump-chief-staff-susie-wiles-hacker-phishing-impersonation/
-
Meta says it disrupted influence operations linked to China, Iran, Romania
The latest report from Meta on social media influence operations tracked some low-impact campaigns to China, Iran and Romania. First seen on therecord.media Jump to article: therecord.media/meta-influence-operations-takedown-china-iran-romania
-
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. “We detected and removed these campaigns before they were able to build authentic audiences on our apps,” the social media giant said in its quarterly Adversarial Threat Report. This included a network of 658…
-
Iranian Hacker Pleads Guilty in $19 Million Robbinhood Ransomware Attack on Baltimore
An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware. Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin…
-
Robinhood Ransomware Operator Arrested for Attacks on Government and Private Networks
Tags: attack, computer, cyber, fraud, government, healthcare, international, iran, network, ransomware
On May 27, 2025, Iranian national Sina Gholinejad, 37, pleaded guilty in a North Carolina federal court to charges of computer fraud and conspiracy to commit wire fraud, admitting his central role in the international Robbinhood ransomware campaign that targeted U.S. cities, corporations, and healthcare organizations. The attacks, spanning from January 2019 to March 2024,…
-
Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks
Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy. Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore and Greenville. The attacks caused major disruptions and over $19 million in damages to Baltimore…
-
Iranian man pleads guilty in Robbinhood ransomware scheme
Sina Gholinejad pleaded guilty to two counts in a scheme that most visibly hit the city of Baltimore, causing $19 million in damages. First seen on cyberscoop.com Jump to article: cyberscoop.com/iranian-man-pleads-guilty-in-robbinhood-ransomware-scheme/
-
RobbinHood Ransomware Hacker Pleads Guilty in US Court
A RobbinHood Attack Against Baltimore Cost City $19 Million. An Iranian national behind a spate of ransomware attacks against U.S. municipalities including an attack that cost the city of Baltimore $19 million to rectify pleaded guilty in U.S. federal court Tuesday afternoon. Sina Gholinejad, 37, admitted to deploying Robinhood ransomware. First seen on govinfosecurity.com Jump…
-
Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars
Sina Gholinejad admitted to using the Robbinhood ransomware variant to extort ransom payments from dozens of victims. First seen on therecord.media Jump to article: therecord.media/iranian-years-decades-guilty-ransomware
-
Iranian pleads guilty to RobbinHood ransomware attacks, faces 30 years
An Iranian national has pleaded guilty to participating in the Robbinhood ransomware operation, which was used to breach the networks, steal data, and encrypt devices of U.S. cities and organizations in an attempt to extort millions of dollars over a five-year span. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iranian-pleads-guilty-to-robbinhood-ransomware-attacks-faces-30-years/
-
Iranian Cybergroup Toufan Targets Organizations to Steal Login Credentials
A pro-Palestinian cybergroup called Cyber Toufan, which means “cyber storm”,
-
Digital Nomadism: Around the World with a Laptop
Uzbekistan, Georgia, India, Iran: our author has been living as a digital nomad for a good ten years. A look back at bizarre jobs and technical challenges. First seen on golem.de Jump to article: www.golem.de/news/digitales-nomadentum-mit-dem-laptop-um-die-welt-2505-195359.html
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-day
Trade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies. “Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Iranian Hackers Posing as Model Agency to Target Victims
Unit 42, the threat intelligence arm of Palo Alto Networks, has exposed a covert operation likely orchestrated by Iranian cyber actors. The campaign involves a fraudulent website, megamodelstudio[.]com, meticulously designed to impersonate the Hamburg-based Mega Model Agency. Cyberespionage Campaign Uncovered Registered on February 18, 2025, and hosted at IP address 64.72.205[.]32 since March 1, 2025,…
-
‘Lemon Sandstorm’ Underscores Risks to Middle East Infrastructure
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/lemon-sandstorm-risks-middle-east-infrastructure
-
Iranian Cyber Espionage Uses Fake Modeling Agency for Targeted Attacks
Recently, researchers at Palo Alto Networks’ Unit 42 have uncovered a covert Iranian cyber-espionage campaign that employed a First seen on securityonline.info Jump to article: securityonline.info/iranian-cyber-espionage-uses-fake-modeling-agency-for-targeted-attacks/
-
Middle Eastern critical infrastructure targeted by long-term Iranian cyberattack
First seen on scworld.com Jump to article: www.scworld.com/brief/middle-eastern-critical-infrastructure-targeted-by-long-term-iranian-cyberattack
-
Iranian Hackers Breach Middle East Infrastructure
Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threat
Fortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284
-
Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-group-breaches-middle-eastern-critical-infrastructure-in-stealth-campaign/
-
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to February 2025, with evidence of compromise dating back to May 2021, this espionage-driven campaign employed…
-
Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed “extensive espionage operations and suspected network prepositioning, a tactic often used to maintain persistent…