Tag: iran
-
Phishing campaign across Mideast, North Africa is attributed to Iranian group
The well-known Iranian cyber-espionage operation tracked as MuddyWater spread backdoor malware in recent months through a compromised email account, researchers said. First seen on therecord.media Jump to article: therecord.media/iran-muddywater-phishing-campaign-north-africa-middle-east
-
New Malware Toolkit from MuddyWater Delivers Phoenix Backdoor to Global Targets
Group-IB Threat Intelligence has uncovered a sophisticated phishing campaign orchestrated by the Iran-linked Advanced Persistent Threat group MuddyWater, targeting international organizations worldwide to gather foreign intelligence. The campaign demonstrates the threat actor’s evolving tactics and enhanced operational maturity in exploiting trusted communication channels to infiltrate high-value targets. MuddyWater launched the operation by accessing a compromised…
-
Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node
The post Iran-Linked MuddyWater Deploys Phoenix v4 Backdoor via Compromised Emails and NordVPN Exit Node appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/iran-linked-muddywater-deploys-phoenix-v4-backdoor-via-compromised-emails-and-nordvpn-exit-node/
-
Iranian hackers targeted over 100 govt orgs with Phoenix backdoor
State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/iranian-hackers-targeted-over-100-govt-orgs-with-phoenix-backdoor/
-
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
The Iranian nation-state group known as MuddyWater has been attributed to a new campaign that has leveraged a compromised email account to distribute a backdoor called Phoenix to various organizations across the Middle East and North Africa (MENA) region, including over 100 government entities. The end goal of the campaign is to infiltrate high-value targets and…
-
MuddyWater Uses Compromised Mailboxes in Global Phishing Campaign
Group-IB has uncovered a phishing campaign by Iran-linked MuddyWater, exploiting compromised emails for foreign intelligence. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/muddywater-compromised-mailboxes/
-
MuddyWater Targets 100+ Gov Entities in MEA with Phoenix Backdoor
The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/muddywater-100-gov-entites-mea-phoenix-backdoor
-
John Bolton charged over classified emails after Iranian hack of his AOL account
Former US national security adviser John Bolton is the latest in a line of Donald Trump’s critics to find themselves on the sharp end of charges from the US Department of Justice. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/john-bolton-charged-over-classified-emails-after-iranian-hack-of-his-aol-account
-
Cybersecurity Snapshot: F5 Breach Prompts Urgent U.S. Gov’t Warning, as OpenAI Details Disrupted ChatGPT Abuses
Tags: ai, attack, awareness, backdoor, breach, business, chatgpt, china, cisa, cloud, control, corporate, cve, cyber, cybersecurity, data, data-breach, defense, detection, exploit, framework, fraud, governance, government, group, hacker, incident, infrastructure, Internet, iran, law, LLM, malicious, malware, mitigation, monitoring, network, openai, organized, phishing, privacy, resilience, risk, russia, scam, security-incident, service, software, strategy, supply-chain, technology, threat, training, update, vulnerability
F5’s breach triggers a CISA emergency directive, as Tenable calls it “a five-alarm fire” that requires urgent action. Meanwhile, OpenAI details how attackers try to misuse ChatGPT. Plus, boards are increasing AI and cyber disclosures. And much more! Key takeaways: A critical breach at cybersecurity firm F5, attributed to a nation-state, has triggered an urgent…
-
John Bolton indictment says suspected Iranian hackers accessed his emails, issued threats
The indictment of the former national security adviser is the latest against President Donald Trump’s political enemies. First seen on cyberscoop.com Jump to article: cyberscoop.com/john-bolton-indictment-says-suspected-iranian-hackers-accessed-his-emails-issued-threats/
-
Germany is the biggest hacker target in the EU
Tags: authentication, china, cyberattack, defense, extortion, germany, hacker, iran, login, mail, mfa, microsoft, north-korea, password, phishing, ransomware, software, ukraine
According to a Microsoft study, 3.3 percent of all cyberattacks worldwide in the first half of 2025 were directed at targets in Germany. No country in the European Union is as much in the focus of criminal hackers as Germany. This is according to the Microsoft Digital Defense Report 2025, published by the software company in Redmond. According to the report…
-
APT35: Inside the Structure, Toolset, and Espionage Operations of an IRGC-Linked Group
In a groundbreaking disclosure, CloudSEK’s TRIAD unit has unearthed internal operational materials that shed light on Charming Kitten (APT35), revealing an intricate espionage apparatus linked to Iran’s Islamic Revolutionary Guard Corps (IRGC). The leak comprises over 100 Persian-language files marked with Jalali calendar dates and aligned with Tehran time, underscoring its authenticity. At the apex,…
-
Ongoing APT35 Phishing Campaign Uncovered: Iranian Group Impersonates Video Conferencing Services
The post Ongoing APT35 Phishing Campaign Uncovered: Iranian Group Impersonates Video Conferencing Services appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/ongoing-apt35-phishing-campaign-uncovered-iranian-group-impersonates-video-conferencing-services/
-
Iranian State Hackers Use SSL.com Certificates to Sign Malware
Security researchers say multiple threat groups, including Iran’s Charming Kitten APT offshoot Subtle Snail, are deploying malware with code-signing certificates from the Houston-based company. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/iranian-hackers-ssl-certificates-sign-malware
-
Iranian APT >>Nimbus Manticore<< Intensifies Cyber Espionage in Europe
The post Iranian APT >>Nimbus Manticore
-
Iran Targets Job-Seeking European Aerospace Engineers
Iranian Hackers Impersonate Online Recruiters. Western Europeans working in aerospace, defense manufacturing or telecoms are receiving waves of emails from putative job recruiters who actually are Iranian state hackers ready to unleash a backdoor and an infostealer. Check Point tracks the threat actor as Nimbus Manticore. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iran-targets-job-seeking-european-aerospace-engineers-a-29517
-
Iranian Hackers Use Fake Job Lures to Breach Europe’s Critical Industries
New research from Check Point Research reveals the Iranian cyber group Nimbus Manticore is targeting defence, telecom, and aerospace companies in Europe with fake job offers. Learn how they use advanced malware to steal sensitive data. First seen on hackread.com Jump to article: hackread.com/iranian-hackers-fake-job-breach-europe-industries/
-
Iranian Hacking Group Nimbus Manticore Expands European Targeting
Nimbus Manticore intensified European cyber-espionage, targeting aerospace, telecom, defense sectors. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-nimbus-manticore-european/
-
Suspected Iran-backed attackers targeting European aerospace sector with novel malware
Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer. First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/iran_targeting_european_aerospace/
-
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore, also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation, targeting defense manufacturers, telecommunications, and aviation entities aligned with IRGC priorities. Recent activity demonstrates a sharpened focus on Western Europe, notably Denmark, Sweden, and Portugal, with spear-phishing lures…
-
Fake Job Offers Used to Deliver Advanced Malware Targeting Job Seekers
Iranian threat actors are exploiting job seekers’ aspirations through sophisticated fake recruitment campaigns designed to deploy advanced malware across Europe’s critical infrastructure sectors. The attack methodology demonstrates remarkable operational security and state-sponsored tradecraft characteristics. Nimbus Manticore, also known as UNC1549 or Smoke Sandstorm, constructs elaborate fake recruitment websites that impersonate major aerospace companies including Boeing, Airbus, Rheinmetall,…
-
Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense
The post Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/subtle-snail-iran-linked-espionage-campaign-targets-european-telecom-aerospace-and-defense/
-
Iran-Linked Hackers Target Europe With New Malware
Nimbus Manticore is back at it, this time with improved variants of its flagship malware and targets that are outside its usual focus area. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-linked-hackers-europe-new-malware
-
Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials
Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of attacks, the group compromised 34 devices across 11 organizations by masquerading as human resources representatives…
-
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn. Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It’s assessed to be affiliated with Iran’s Islamic First…

