Tag: iran

Inside Iran’s Cyber Objectives: What Do They Want?

Nov 21, 2025 6:49 AM

Tags: cyber, espionage, iran, military, strategy

The regime’s cyber-espionage strategy employs dual-use targeting, collecting info that can support both military needs and broader political objectives. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/iran-cyber-objectives
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

Nov 20, 2025 11:49 AM

Tags: ai, attack, cyber, data, group, iran, threat

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification System (AIS) data shortly before an attempted missile strike, showing how Tehran-aligned groups use cyber operations to support and amplify real-world kinetic attacks. The research demonstrates that…
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

Nov 20, 2025 11:49 AM

Tags: ai, attack, cyber, data, group, iran, threat

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Identification System (AIS) data shortly before an attempted missile strike, showing how Tehran-aligned groups use cyber operations to support and amplify real-world kinetic attacks. The research demonstrates that…
Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Nov 20, 2025 9:49 AM

Tags: ai, attack, cyber, data, hacker, iran, threat, warfare

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting.The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare are increasingly blurring, necessitating the need for a new category of…
Iranian APT hacks helped direct missile strikes in Israel and the Red Sea

Nov 20, 2025 1:46 AM

Tags: access, advisory, apt, attack, cctv, cyber, cybersecurity, data, espionage, group, guide, infrastructure, intelligence, iran, military, network, russia, strategy, threat, ukraine

MuddyWater uses hacked CCTV cameras to help guide missiles: Amazon also found supporting threat intel evidence for another Iran-linked incident involving cyber espionage and missile strikes that has received some official confirmation.After the US strikes against Iran’s nuclear sites in June, Iran retaliated by launching a barrage of missiles against Israel, targeting cities such as…
Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts

Nov 19, 2025 5:49 AM

Tags: apt, iran

The post Iranian APT UNC1549 Infiltrates Aerospace by Hijacking Trusted DLLs and Executing VDI Breakouts appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-unc1549-infiltrates-aerospace-by-hijacking-trusted-dlls-and-executing-vdi-breakouts/
Google Finds New Malware Backdoors Linked to Iran

Nov 18, 2025 11:49 PM

Tags: backdoor, defense, google, group, hacking, iran, malware, middle-east

Hacking Group Deploys Raft of Custom Malware Variants. An Iranian state hacking group with a history of targeting aerospace, aviation and defense industries across the Middle East has improved its tooling with multiple custom malware variants, warned Google. The group, tracked as UNC1549, is suspected of ties to the Iranian Revolutionary Guard Corps. First seen…
Iran-Nexus Threat Actor UNC1549 Takes Aim at Aerospace

Nov 18, 2025 11:49 PM

Tags: defense, iran, threat

Researchers say Israel remains a central focus, with UNC1549 targeting aerospace and defense entities in the US, the UAE, Qatar, Spain, and Saudi Arabia. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/iran-nexus-threat-actor-unc1549-takes-aim-aerospace
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks

Nov 18, 2025 4:49 PM

Tags: attack, backdoor, defense, espionage, google, hacker, iran, malware, mandiant, threat

Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented…
UNC1549 Hackers With Custom Tools Attacking Aerospace and Defense Systems to Steal Logins

Nov 18, 2025 9:49 AM

Tags: attack, cyber, defense, espionage, group, hacker, iran, login, threat, tool

The Iran-nexus cyber espionage group UNC1549 has significantly expanded its arsenal of custom tools and sophisticated attack techniques in an ongoing campaign targeting aerospace, aviation, and defense industries since mid-2024, according to new findings from Mandiant. The threat actor, which overlaps with Tortoiseshell and has suspected links to Iran’s Islamic Revolutionary Guard Corps (IRGC), demonstrates…
Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense

Nov 18, 2025 1:49 AM

Tags: apt, backdoor, defense, iran

The post Iran APT SpearSpecter Uses Weeks-Long WhatsApp Lures and Fileless TAMECAT Backdoor to Hit Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-apt-spearspecter-uses-weeks-long-whatsapp-lures-and-fileless-tamecat-backdoor-to-hit-defense/
Iranian Hackers Use SpearSpecter to Target Senior Government Leaders

Nov 17, 2025 11:50 PM

Tags: government, hacker, iran, social-engineering

An Iranian campaign called SpearSpecter is quietly targeting senior officials with tailored social engineering and fileless malware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-hackers-use-spearspecter-to-target-senior-government-leaders/
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials

Nov 17, 2025 2:49 PM

Tags: cyber, defense, espionage, government, group, intelligence, iran, social-engineering, threat

Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
Iran-Linked SpearSpecter Campaign Leveraging Personalized Social Engineering Against High-Value Officials

Nov 17, 2025 2:49 PM

Tags: cyber, defense, espionage, government, group, intelligence, iran, social-engineering, threat

Iranian threat actors aligned with the Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) are conducting a sophisticated espionage campaign tracked as SpearSpecter, systematically targeting high-value senior defense and government officials through personalized social engineering tactics. The threat group, operating under multiple aliases including APT42, Mint Sandstorm, Educated Manticore, and CharmingCypress, has demonstrated remarkable patience and…
Iranian Hackers Launch ‘SpearSpecter’ Spy Operation on Defense & Government Targets

Nov 14, 2025 4:49 PM

Tags: defense, espionage, government, hacker, iran, spy, threat

The Iranian state-sponsored threat actor known as APT42 has been observed targeting individuals and organizations that are of interest to the Islamic Revolutionary Guard Corps (IRGC) as part of a new espionage-focused campaign.The activity, detected in early September 2025 and assessed to be ongoing, has been codenamed SpearSpecter by the Israel National Digital Agency (INDA).”The…
Iranian Cyber Espionage: Proofpoint Uncovers UNK_SmudgedSerpent

Nov 10, 2025 11:19 PM

Tags: cyber, espionage, exploit, iran

Proofpoint uncovered UNK_SmudgedSerpent, an Iranian-linked espionage campaign that exploits trust and blurs attribution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/iranian-cyber-espionage-proofpoint-uncovers-unk_smudgedserpent/
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
APT Groups Target Construction Firms to Steal RDP, SSH, and Citrix Credentials

Nov 10, 2025 9:19 AM

Tags: apt, china, citrix, credentials, cyber, cybercrime, group, iran, korea, network, north-korea, organized, ransomware, russia, threat

The construction industry has emerged as a primary target for sophisticated cyber adversaries in 2025, with threat actors including state-sponsored APT groups, ransomware operators, and organized cybercriminal networks actively targeting organizations across the building and construction sector. Nation-state actors from China, Russia, Iran, and North Korea are leveraging the industry’s rapid digital transformation and security…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Google researchers detect first operational use of LLMs in active malware campaigns

Nov 7, 2025 2:20 PM

Tags: ai, api, attack, cybercrime, cybersecurity, encryption, exploit, finance, google, group, iran, LLM, malware, marketplace, phishing, RedTeam, service, skills, social-engineering, threat, tool, vulnerability

Using social engineering against LLMs: Additionally, GTIG found that attackers are increasingly using “social engineering-like pretexts” in their prompts to get around LLM safeguards. Notably, they have posed as participants in a “capture-the-flag” (CTF) gamified cybersecurity competition, persuading Gemini to give up information it would otherwise refuse to reveal. In one interaction, for instance, an attacker…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
Iranian Hackers Exploit RMM Tools to Target Academics and Foreign-Policy Experts

Nov 6, 2025 3:19 PM

Tags: credentials, cyber, exploit, group, hacker, iran, phishing, social-engineering, tactics, threat, tool

Proofpoint Threat Research has identified a previously unknown Iranian threat actor, dubbed UNK_SmudgedSerpent, that conducted sophisticated phishing campaigns against academics and foreign policy experts between June and August 2025. The group employed credential harvesting techniques, sophisticated social engineering, and remote management tools to infiltrate targets, revealing a complex web of overlapping tactics reminiscent of established…
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage

Nov 6, 2025 5:19 AM

Tags: apt, espionage, iran, tool

The post New Iranian-Linked APT UNK_SmudgedSerpent Uses RMM Tools and M365 Spoofing for Espionage appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/new-iranian-linked-apt-unk_smudgedserpent-uses-rmm-tools-and-m365-spoofing-for-espionage/
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
Iran’s Elusive SmudgedSerpent’ APT Phishes Influential US Policy Wonks

Nov 5, 2025 7:20 PM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks
UNK_SmudgedSerpent Targets Academics With Political Lures

Nov 5, 2025 5:19 PM

Tags: cyber, group, iran, malware, phishing

A previously unknown cyber actor UNK_SmudgedSerpent has been observed targeting academics with phishing and malware, merging techniques from Iranian groups First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/unksmudgedserpent-targets-academics/
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Mysterious ‘SmudgedSerpent’ Hackers Target U.S. Policy Experts Amid IranIsrael Tensions

Nov 5, 2025 1:19 PM

Tags: attack, cyber, hacker, iran, threat

A never-before-seen threat activity cluster codenamed UNK_SmudgedSerpent has been attributed as behind a set of cyber attacks targeting academics and foreign policy experts between June and August 2025, coinciding with heightened geopolitical tensions between Iran and Israel.”UNK_SmudgedSerpent leveraged domestic political lures, including societal change in Iran and investigation into the First seen on thehackernews.com Jump…
Elusive Iranian APT Phishes Influential US Policy Wonks

Nov 5, 2025 11:19 AM

Tags: apt, government, iran

Iran is spying on American foreign policy influencers. But exactly which of its government’s APTs is responsible remains a mystery. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-apt-phishes-us-policy-wonks