Tag: iran
-
Iran Hacktivists Make Noise but Have Little Impact on War
Iran-aligned groups are trying to make their mark in the Gulf, but the results have fallen short of remarkable. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/iran-hacktivists-impact-on-war
-
Stryker says malware was involved in recent cyberattack as production lines reopen
The medical device firm Stryker said it is ramping production lines back up two weeks after alleged Iranian cyber actors wiped more than 200,000 company devices. First seen on therecord.media Jump to article: therecord.media/stryker-cyberattack-malware-iran
-
FBI Warns of Iran’s Handala Hack Group Using Fake Apps to Spy on Windows Users
The FBI has issued a warning about Iran-linked Handala Hack Group, targeting Windows users through fake versions of WhatsApp and Telegram. First seen on hackread.com Jump to article: hackread.com/fbi-iran-handala-hack-group-fake-apps-spy-windows/
-
Iran-linked ransomware gang targeted US healthcare org amid military conflict
The incident responders noted that there was no evidence that data was exfiltrated during the intrusion, an unusual development considering U.S. intelligence agencies previously said Pay2Key attacks were largely conducted for information theft. First seen on therecord.media Jump to article: therecord.media/iran-linked-ransomware-gang-targeted-us-healthcare-org
-
Self-propagating malware poisons open source software and wipes Iran-based machines
Development houses: It’s time to check your networks for infections. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/03/self-propagating-malware-poisons-open-source-software-and-wipes-iran-based-machines/
-
TeamPCP Unleashes Iran-Targeted CanisterWorm Kubernetes Wiper
CanisterWorm’s latest evolution turns TeamPCP’s cloud-native toolkit into a geopolitically tuned wiper, capable of bricking entire Kubernetes clusters when it lands on systems configured for Iran. The campaign reuses the same Internet Computer Protocol (ICP) canister C2 and backdoor infrastructure seen in the earlier Trivy and NPM CanisterWorm incidents. However, it now adds selective destruction…
-
Wiper attack by Iran: Thousands of Stryker employees unable to work after cyberattack
First seen on security-insider.de Jump to article: www.security-insider.de/cyberangriff-stryker-handala-5000-mitarbeitende-a-53b5e7829294efecb321748f7799768d/
-
FBI warns of Russian, Iranian cyber activity involving messaging platforms
The FBI issued warnings about separate Russian and Iranian cyber campaigns involving social media messaging platforms like Signal and Telegram. First seen on therecord.media Jump to article: therecord.media/russia-iran-cyber-fbi-hacks
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/
-
Stryker: Cyber Incident ‘Contained,’ Restoration Continues
March 11 Attack Claimed by Iranian Hacktivist Group Handala. Medtech maker Stryker on Monday told regulators that it has contained a March 11 cyber incident and is working around the clock to prioritize quickly restoring IT systems that directly support customers, ordering and shipping. Iranian hacktivist group Handala has claimed credit for the attack. First…
-
FBI: Iranian hackers targeting opponents with Telegram malware
The campaign goes back to 2023 but is the subject of an alert amid conflict in the Middle East. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-iranian-hackers-targeting-opponents-with-telegram-malware/
-
A Mysterious Numbers Station Is Broadcasting Through the Iran War
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany, but its purpose and its operator remain unclear. First seen on wired.com Jump to article: www.wired.com/story/a-mysterious-numbers-station-is-broadcasting-through-the-iran-war/
-
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
The group is demanding millions of dollars to not sell the information to U.S. adversaries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/lockheed-martin-breach-pro-iran-hacktivist/815430/
-
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/
-
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the…
-
Iran conflict: How to limit the damage from wiper attacks
First seen on security-insider.de Jump to article: www.security-insider.de/wiper-angriffe-handala-hack-phishing-a-ee7b091a8bf11ff70a2b69aacf29b219/
-
Pro-Iranian Nasir Security is Targeting The Energy Sector in the Middle East
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/pro-iranian-nasir-security-is-targeting-the-energy-sector-in-the-middle-east
-
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…
-
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/
-
Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck
Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-cyberattack-on-a-car-breathalyzer-firm-leaves-drivers-stuck/
-
FBI Seizes Iranian Online Leak Sites After Stryker Hack
New Handala Site Is Also Available. U.S. federal agents seized four web domains associated with Iranian hacking operations days after a threat actor going by Handala posted screenshots it said came from inside the IT systems of medical device manufacturer Stryker. The registrars used to create them are located in the United States. First seen…
-
Inside the Growing ‘Cyber Invasion’ Targeting the US
Former DoD CIO Leslie Beavers on Nation-State Attacks and Defense. Leslie Beavers, retired brigadier general and former acting CIO and principal deputy CIO of the Department of Defense, said the United States is already experiencing a cyber invasion, driven by coordinated activity from adversaries including Iran, China, Russia and North Korea. First seen on govinfosecurity.com…
-
ISMG Editors: Stryker Attack Hits Healthcare Supply Chain
Also: CISA Protocol Concerns, AI Agents Push Past Cybersecurity Controls. In this week’s panel, four ISMG editors unpacked the cyber dimensions of the Stryker attack amid the escalating Iran-Israel-U.S. tensions, the growing controversy around CISA leadership and alleged protocol breaches, and a new set of concerns related to AI agents bypassing security controls. First seen…
-
FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security
In a 40-page seizure warrant, the FBI outlined multiple digital campaigns launched by Iran’s Ministry of Intelligence and Security (MOIS) through a variety of online monikers, most recently going by the name “Handala.” First seen on therecord.media Jump to article: therecord.media/fbi-takes-down-leak-sites-iran-mois
-
US accuses Iran’s government of operating hacktivist group that hacked Stryker
The U.S. Justice Department said an Iranian security ministry operates the fake activist persona known as Handala, which claimed responsibility for the destructive hack targeting medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/20/u-s-accuses-irans-government-of-operating-hacktivist-group-that-hacked-stryker/
-
DOJ confirms seizure of domains linked to Iran-backed threat actor
A group connected to Iranian intelligence used the same infrastructure to claim credit for the hack of medical technology firm Stryker. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-seizure-domains-iran-threat-actor/815306/
-
Increasing cyberattacks from Iran: Recommendations for companies
Horizon3.ai, a provider in the offensive security space, has published an analysis of current developments in Iranian cyber threats and presented concrete measures that companies can use to strengthen their cyber resilience. Against the backdrop of rising geopolitical tensions, the recommendations are intended to help security leaders detect risks from state-directed attacks early and address them in a targeted way. Recent military strikes by the USA… First…

