Tag: iran
-
New DCHSpy Android Malware Targets WhatsApp, Call Logs, Audio, and Photos
Security researchers at Lookout have identified four novel samples of DCHSpy, an advanced Android surveillanceware attributed to the Iranian threat actor group MuddyWater, believed to be affiliated with Iran’s Ministry of Intelligence and Security (MOIS). These samples emerged approximately one week following the onset of the Israel-Iran conflict, highlighting the rapid adaptation of malware tooling…
-
After website hack, Arizona election officials unload on Trump’s CISA
As the state responded to a pro-Iranian attack, officials tell CyberScoop that it avoided reaching out to the federal agency, partly because it has been “politicized and weakened” under the president. First seen on cyberscoop.com Jump to article: cyberscoop.com/arizona-secretary-of-state-website-hack-candidate-portal-criticizes-cisa/
-
MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The firstMuddyWatercampaign wasobservedin late 2017, when the APT group targeted entities in…
-
Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents
Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX.Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it…
-
Iranian Hackers Deploy New Android Spyware Version
New samples of DCHSpy, a spyware implant linked to Iranian APT group MuddyWater, were detected by Lookout one week after the start of the Israel-Iran conflict First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hackers-new-android-spyware/
-
New malware samples exfiltrate WhatsApp data to target Iran regime’s enemies
Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said. First seen on therecord.media Jump to article:…
-
Four new Android spyware samples linked to Iran’s intel agency
Persians added snooping capabilities to DCHSpy after Israeli bombs fell First seen on theregister.com Jump to article: www.theregister.com/2025/07/21/muddywaters_android_iran/
-
Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics
Iranian state-backed Advanced Persistent Threat (APT) groups and their hacktivist allies have stepped up operations that could spark worldwide cyber retaliation in the wake of Israeli and American strikes on Iranian nuclear and military facilities in June 2025. While kinetic conflicts remain contained, the cyber domain has seen a surge in preparatory activities targeting U.S.…
-
Iranian Threat Actors Target U.S. Critical Infrastructure, Including Water Systems
Iran’s Islamic Revolutionary Guard Corps (IRGC) has increased its asymmetric cyber operations in response to recent U.S. attacks on Iranian nuclear sites. Intelligence Group 13 has emerged as a major aggressor in attacking critical infrastructure in the United States. This elite unit, embedded within the Shahid Kaveh Cyber Group, operates at the nexus of tactical…
-
Iran seeks at least three cloud providers to power its government
Despite loathing the USA, Iran wants providers who match NIST’s definition of cloud computing First seen on theregister.com Jump to article: www.theregister.com/2025/07/14/iran_cloud_panel_evaluation/
-
Pay2Key Ransomware Gang Resurfaces With Incentives to Attack US, Israel
The ransomware-as-a-service (RaaS) operation, which has been tied to an Iranian advanced persistent threat (APT) group, recently boosted its affiliate profit share to 80% for attacks on Western targets. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/pay2key-ransomware-gang-incentives-attack-us-israel
-
Iranian APT Hackers Targeting Transportation and Manufacturing Sectors in Active Attacks
Tags: apt, attack, cyber, cyberattack, cybersecurity, group, hacker, infrastructure, iran, network, threatNozomi Networks Labs cybersecurity researchers have reported a startling 133% increase in cyberattacks linked to well-known Iranian advanced persistent threat (APT) groups in May and June 2025, following current tensions with Iran. This uptick aligns with warnings from U.S. authorities, including a June 30th Fact Sheet from the Cybersecurity and Infrastructure Security Agency (CISA) and…
-
Iranian-Backed Pay2Key Ransomware Resurfaces with 80% Profit Share for Cybercriminals
An Iranian-backed ransomware-as-a-service (RaaS) named Pay2Key has resurfaced in the wake of the Israel-Iran-U.S. conflict last month, offering bigger payouts to cybercriminals who launch attacks against Israel and the U.S.The financially motivated scheme, now operating under the moniker Pay2Key.I2P, is assessed to be linked to a hacking group tracked as Fox Kitten (aka Lemon Sandstorm).”…
-
MPs Warn of “Significant” Iranian Cyber-Threat to UK
The Intelligence and Security Committee has warned of Iran’s “aggressive” and “extensive” cyber capabilities First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/mps-warn-iranian-threat/
-
Iranian APTs increased activity against US industries in late spring, researchers say
Iranian advanced persistent threat (APT) groups, including those tracked as MuddyWater and APT33, appeared to launch more attacks against U.S. industrial entities in May and June, according to a report from Nozomi Networks. First seen on therecord.media Jump to article: therecord.media/iran-state-backed-hackers-industrial-attacks-spring-2025
-
Iran-linked hackers target US transportation, manufacturing firms
United States authorities have been warning of potential state-linked or hacktivist threats since the U.S. intervened in the Israel-Iran war. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/iranian-hackers-us-transportation-manufacturing-israel-nozomi/752612/
-
Iranian ransomware crew reemerges, promises big bucks for attacks on US or Israel
Tells would-be affiliates they don’t need to worry because cyberattacks don’t violate a cease fire First seen on theregister.com Jump to article: www.theregister.com/2025/07/09/iranian_ransomware_crew_reemerges/
-
Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus…
-
Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates
An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus…
-
Iranian ransomware group offers bigger payouts for attacks on Israel, US
The Iran-linked ransomware-as-a-service group Pay2Key.I2P reportedly told affiliates that they can keep a larger cut of extortion payments if they attack entities within Iran’s adversaries. First seen on therecord.media Jump to article: therecord.media/iran-ransomware-group-pay2keyi2p-israel-us-targets
-
BladedFeline Exploits Whisper and PrimeCache to Breach IIS and Microsoft Exchange Servers
ESET researchers have uncovered a series of malicious tools deployed by BladedFeline, an Iran-aligned advanced persistent threat (APT) group, targeting Kurdish and Iraqi government officials. Active since at least 2017, BladedFeline has been linked with medium confidence to the notorious OilRig APT group, known for cyberespionage across the Middle East. Sophisticated Cyberespionage Campaign The group’s…
-
Iran-Aligned Hacking Group Targets Middle Eastern Governments
Iran-aligned BladedFeline group has been observed targeting the government of Iraq and KRG with advanced malware First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/iran-hacking-group-targets-middle/
-
Manufacturing Security: Why Default Passwords Must Go
If you didn’t hear about Iranian hackers breaching US water facilities, it’s because they only managed to control a single pressure station serving 7,000 people. What made this attack noteworthy wasn’t its scale, but how easily the hackers gained access — by simply using the manufacturer’s default password “1111.” This narrow escape prompted CISA to…
-
Android May Soon Warn You About Fake Cell Towers
Plus: Iran-linked hackers threaten to release Trump campaign emails, Chinese hackers still in US telecoms networks, and an abusive deepfake website plans an expansion. First seen on wired.com Jump to article: www.wired.com/story/android-may-soon-warn-you-about-fake-cell-towers/
-
Editors’ Panel: Pro-Iran Hackers Threaten to Leak Trump Data
Also: Medicare Data Breach; Gartner Security & Risk Management Summit Takeaways. In this week’s update, ISMG editors discussed Iran-linked hackers claiming to steal emails from Trump’s inner circle, how to refine application development in the age of AI, and a U.S. Medicare data breach amplifying concerns over the safety, security and privacy of federal health…
-
Staatlich unterstützte Cyberangriffe – Palo Alto warnt vor Angriffswelle aus dem Iran
First seen on security-insider.de Jump to article: www.security-insider.de/cyberkonflikt-israel-iran-auswirkungen-gefahren-a-b91cd281070630131a035089355b3db7/
-
Cryptohack Roundup: Inside the $100M Nobitex Breach
Also: Dismantling a 460 Million Euro Crypto Fraud Network. This week, a peek into Iran’s largest crypto exchange blending privacy, scale and sanctions evasion, Europol and Spanish police dismantled a crypto fraud network, $9.5M Resupply hack, sentencing in a $40M ponzi scheme and a North Korean crypto theft and employment fraud ring. First seen on…
-
Iran’s ‘Robert’ Hack Targets Trump – and Tests US Cyber Gaps
Iranian-Linked Hackers Claim to Have 100GB of Emails From Trump’s Inner Circle. An Iranian hacking group collectively using the pseudonym Robert claims to have 100 gigabytes of emails from President Donald Trump’s inner circle as Tehran seemingly attempts to project strength in cyberspace in the wake of U.S.-led attacks on three of its key nuclear…
-
Israel-Iran conflict fuels hacktivist operations
Tags: iranFirst seen on scworld.com Jump to article: www.scworld.com/brief/israel-iran-conflict-fuels-hacktivist-operations