Tag: iran
-
Iranian Hackers Use Fake Job Lures to Breach Europe’s Critical Industries
New research from Check Point Research reveals the Iranian cyber group Nimbus Manticore is targeting defence, telecom, and aerospace companies in Europe with fake job offers. Learn how they use advanced malware to steal sensitive data. First seen on hackread.com Jump to article: hackread.com/iranian-hackers-fake-job-breach-europe-industries/
-
Iranian Hacking Group Nimbus Manticore Expands European Targeting
Nimbus Manticore intensified European cyber-espionage, targeting aerospace, telecom, defense sectors First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-nimbus-manticore-european/
-
Suspected Iran-backed attackers targeting European aerospace sector with novel malware
Instead of job offers, victims get MiniJunk backdoor and MiniBrowse stealer First seen on theregister.com Jump to article: www.theregister.com/2025/09/23/iran_targeting_european_aerospace/
-
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore”, also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation”, targeting defense manufacturers, telecommunications, and aviation entities aligned with IRGC priorities. Recent activity demonstrates a sharpened focus on Western Europe, notably Denmark, Sweden, and Portugal, with spear-phishing lures…
-
Nimbus Manticore Targets Defense and Telecom Industries with New Malware Attack
Check Point Research has identified a long-running campaign by the Iranian-aligned threat actor Nimbus Manticore”, also known as UNC1549, Smoke Sandstorm, and the “Iranian Dream Job” operation”, targeting defense manufacturers, telecommunications, and aviation entities aligned with IRGC priorities. Recent activity demonstrates a sharpened focus on Western Europe, notably Denmark, Sweden, and Portugal, with spear-phishing lures…
-
Fake Job Offers Used to Deliver Advanced Malware Targeting Job Seekers
Iranian threat actors are exploiting job seekers’ aspirations through sophisticated fake recruitment campaigns designed to deploy advanced malware across Europe’s critical infrastructure sectors. The attack methodology demonstrates remarkable operational security and state-sponsored tradecraft characteristics. Nimbus Manticore, also known as UNC1549 or Smoke Sandstorm, constructs elaborate fake recruitment websites that impersonate major aerospace companies including Boeing, Airbus, Rheinmetall,…
-
Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense
The post Subtle Snail: Iran-Linked Espionage Campaign Targets European Telecom, Aerospace, and Defense appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/subtle-snail-iran-linked-espionage-campaign-targets-european-telecom-aerospace-and-defense/
-
Iran-Linked Hackers Target Europe With New Malware
Nimbus Manticore is back at it, this time with improved variants of its flagship malware and targets that are outside its usual focus area. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-linked-hackers-europe-new-malware
-
Subtle Snail Impersonation Tactics: How HR Representatives Can Engage Employees to Steal Login Credentials
Subtle Snail, an Iran-linked espionage group also tracked as UNC1549 under the Unyielding Wasp (Tortoiseshell) umbrella of the Charming Kitten network, has shifted its focus to European telecom, aerospace, and defense firms since June 2022. In a recent wave of attacks, the group compromised 34 devices across 11 organizations by masquerading as human resources representatives…
-
UNC1549 Hacks 34 Devices in 11 Telecom Firms via LinkedIn Job Lures and MINIBIKE Malware
An Iran-nexus cyber espionage group known as UNC1549 has been attributed to a new campaign targeting European telecommunications companies, successfully infiltrating 34 devices across 11 organizations as part of a recruitment-themed activity on LinkedIn.Swiss cybersecurity company PRODAFT is tracking the cluster under the name Subtle Snail. It’s assessed to be affiliated with Iran’s Islamic First…
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies
-
Iranian State APT Blitzes Telcos & Satellite Companies
A Charming Kitten subgroup is performing some of the most bespoke cyberattacks ever witnessed in the wild, to down select high-value targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iranian-state-apt-telcos-satellite-companies
-
Russland und China nehmen deutsche Wirtschaft ins Visier
Laut einer Bitkom-Umfrage kommen die meisten Cyberangriffe auf Unternehmen hierzulande noch immer aus Russland und China.Knapp drei von vier Unternehmen hierzulande berichten von zunehmenden Angriffen analog und digital. Der Schaden wird auf rund 289 Milliarden Euro geschätzt. Das geht aus einer repräsentativen Befragung von mehr als 1.000 Unternehmen unterschiedlicher Branchen durch den Digitalverband Bitkom hervor. Demnach…
-
Cryptohack Roundup: US Sanctions Iran Shadow Banking Network
Also: Man Denied Bankruptcy Discharge Over $12.5M Crypto Ponzi Debts. U.S. sanctions Iranian shadow banking network, Texas man denied bankruptcy discharge, Nemo blames $2.6M exploit on developer errors, THORChain founder hacked, Shibarium Bridge hit by $2.4M hack, Denver court rules pastor’s $3.3M project a fraud and NYDFS tells banks to use blockchain analytics. First seen…
-
What’s Old Is New Again as Iranian Hackers Exploit Macros
MuddyWater Also Embraces Bulletproof Hosts and Custom Malware. The Iranian nation-state cyberespionage group MuddyWater is going back to the future with attacks featuring Microsoft Office documents with malicious macros. It is also shifting to homegrown malware in place of commercial remote monitoring and management tools, said researchers. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/whats-old-new-again-as-iranian-hackers-exploit-macros-a-29465
-
MuddyWater Deploys Custom Multi-Stage Malware Hidden Behind Cloudflare
Since early 2025, cybersecurity analysts have witnessed a marked evolution in the tactics and tooling of MuddyWater, the Iranian state-sponsored Advanced Persistent Threat (APT) group. Historically known for broad Remote Monitoring and Management (RMM) campaigns, MuddyWater has pivoted to highly targeted spearphishing operations and bespoke backdoors. This shift underscores the group’s growing sophistication and its…
-
Israel announces seizure of $1.5M from crypto wallets tied to Iran
The Israeli government ordered the seizure of 187 wallets it said belong to the IRGC, which have over time received $1.5 billion in crypto, according to a blockchain analysis firm. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/15/israel-announces-seizure-of-1-5-million-from-crypto-wallets-tied-to-iran/
-
Israel announces seizure of $1.5 million from crypto wallets tied to Iran
The Israeli government ordered the seizure of 187 wallets it said belong to the IRGC, which have over time received $1.5 billion in crypto, according to a blockchain analysis firm. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/15/israel-announces-seizure-of-1-5-million-from-crypto-wallets-tied-to-iran/
-
Iran-Nexus Hackers Impersonate Omani MFA to Target Governments Entities
Tags: breach, communications, cyber, cybersecurity, exploit, government, group, hacker, intelligence, iran, malicious, mfa, phishing, spear-phishingCybersecurity researchers uncovered a sophisticated, Iran-linked spear-phishing operation that exploited a compromised Ministry of Foreign Affairs (MFA) mailbox in Oman to deliver malicious payloads to government entities worldwide. Analysts attribute the operation to the “Homeland Justice” group, believed to be aligned with Iran’s Ministry of Intelligence and Security (MOIS). Leveraging stolen diplomatic communications, encoded macros,…
-
Iran MOIS Phishes 50+ Embassies, Ministries, Int’l Orgs
The Homeland Justice APT tried spying on countries and organizations from six continents, using more than 100 hijacked email accounts. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/iran-mois-50-embassies-ministries-intl-orgs
-
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.”Emails were sent to…
-
Iran-Nexus Hackers Exploit Omani Mailbox to Target Governments
Tags: authentication, communications, cyber, exploit, government, group, hacker, intelligence, iran, mfa, phishing, spear-phishingA sophisticated spear-phishing campaign that exploited a compromised mailbox belonging to the Ministry of Foreign Affairs of Oman. The operation, attributed to an Iranian-aligned group known as Homeland Justice and linked to Iran’s Ministry of Intelligence and Security (MOIS), masqueraded as legitimate multi-factor authentication (MFA) communications to infiltrate governments and diplomatic missions around the world.…
-
Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats
The post Beyond Phishing: Iranian-Aligned Group Abuses Omani Mailbox to Spy on Diplomats appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/beyond-phishing-iranian-aligned-group-abuses-omani-mailbox-to-spy-on-diplomats/
-
Security Affairs newsletter Round 539 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships New zero-click exploit allegedly used…
-
Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships
Lab Dookhtegan hacking group allegedly disrupted communications of 60 Iranian ships run by sanctioned firms NITC and IRISL. The hacking group Lab Dookhtegan allegedly disrupted the communications of 60 Iranian ships. The attack hit at least 39 tankers and 25 cargo ships operated by Iranian maritime companies National Iranian Oil Tanker Company and Iran Shipping Lines, which…
-
DOGE Put Everyone’s Social Security Data at Risk, Whistleblower Claims
Plus: China’s Salt Typhoon hackers target 600 companies in 80 countries, Tulsi Gabbard purges CIA agents, hackers knock out Iranian ship communications, and more. First seen on wired.com Jump to article: www.wired.com/story/doge-social-security-data-at-risk-whistleblower/
-
Cybercrime increasingly moving beyond financial gains
Tags: attack, awareness, business, ciso, computer, corporate, cyber, cyberattack, cybercrime, cybersecurity, defense, disinformation, espionage, finance, government, group, hacker, hacking, incident response, infrastructure, intelligence, iran, malicious, military, network, ransom, ransomware, risk, risk-analysis, russia, strategy, theft, threat, tool, ukraine, vulnerability, wormsrcset=”https://b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?quality=50&strip=all 892w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=223%2C300&quality=50&strip=all 223w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=768%2C1033&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=761%2C1024&quality=50&strip=all 761w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=518%2C697&quality=50&strip=all 518w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=125%2C168&quality=50&strip=all 125w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=62%2C84&quality=50&strip=all 62w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=357%2C480&quality=50&strip=all 357w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=268%2C360&quality=50&strip=all 268w, b2b-contenthub.com/wp-content/uploads/2025/08/Patricia-Alonso.png?resize=186%2C250&quality=50&strip=all 186w” width=”761″ height=”1024″ sizes=”auto, (max-width: 761px) 100vw, 761px”> Incibe. En la imagen, Patricia Alonso GarcÃa.”We are very redundant when talking about cybercrime, because we always associate it with economic motivations,” says Hervé Lambert, global consumer operations…
-
BSidesSF 2025: WHOIS Your Daddy: Tracking Iranian-Backed Cyber Operations With Passive DNS
Creator, Author and Presenter: Austin Northcutt Our deep appreciation to Security BSides – San Francisco and the Creators, Authors and Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube…
-
Hackers Lay in Wait, Then Knocked Out Iran Ship Comms
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/hackers-knocked-out-iran-ship-comms
-
Hackers Lied In Wait, Then Knocked Out Iran Ship Comms
Lab-Dookhtegen claims major attack on more than 60 cargo ships and oil tankers belonging to two Iranian companies on US sanctions list. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/hackers-knocked-out-iran-ship-comms