Tag: iran
-
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/teampcp-deploys-iran-targeted-wiper-in-kubernetes-attacks/
-
FBI: Iranian hackers targeting opponents with Telegram malware
The campaign goes back to 2023 but is the subject of an alert amid conflict in the Middle East. First seen on cyberscoop.com Jump to article: cyberscoop.com/fbi-iranian-hackers-targeting-opponents-with-telegram-malware/
-
A Mysterious Numbers Station Is Broadcasting Through the Iran War
First heard as US and Israeli strikes on Iran began, the shortwave broadcast has since been traced to a US military base in Germany, but its purpose and its operator remain unclear. First seen on wired.com Jump to article: www.wired.com/story/a-mysterious-numbers-station-is-broadcasting-through-the-iran-war/
-
Lockheed Martin targeted in alleged breach by pro-Iran hacktivist
The group is demanding millions of dollars to not sell the information to U.S. adversaries. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/lockheed-martin-breach-pro-iran-hacktivist/815430/
-
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/
-
Pro-Iranian Nasir Security is targeting energy companies in the Gulf
Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group called Nasir Security, presumably associated with Iran, that is targeting energy organizations in the Middle East. The energy sector is one of the most impacted areas because of the…
-
Iran conflict: How to limit the damage from wiper attacks
First seen on security-insider.de Jump to article: www.security-insider.de/wiper-angriffe-handala-hack-phishing-a-ee7b091a8bf11ff70a2b69aacf29b219/
-
Pro-Iranian Nasir Security is Targeting The Energy Sector in the Middle East
First seen on resecurity.com Jump to article: www.resecurity.com/blog/article/pro-iranian-nasir-security-is-targeting-the-energy-sector-in-the-middle-east
-
Iran-linked actors use Telegram as C2 in malware attacks on dissidents
Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware…
-
FBI warns of Handala hackers using Telegram in malware attacks
The U.S. Federal Bureau of Investigation (FBI) warned network defenders that Iranian hackers linked to the country’s Ministry of Intelligence and Security (MOIS) are using Telegram in malware attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/
-
Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck
Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-cyberattack-on-a-car-breathalyzer-firm-leaves-drivers-stuck/
-
FBI Seizes Iranian Online Leak Sites After Stryker Hack
New Handala Site Is Also Available. U.S. federal agents seized four web domains associated with Iranian hacking operations days after a threat actor going by Handala posted screenshots it said came from inside the IT systems of medical device manufacturer Stryker. The registrars used to create them are located in the United States. First seen…
-
Inside the Growing ‘Cyber Invasion’ Targeting the US
Former DoD CIO Leslie Beavers on Nation-State Attacks and Defense. Leslie Beavers, retired brigadier general and former acting CIO and principal deputy CIO of the Department of Defense, said the United States is already experiencing a cyber invasion, driven by coordinated activity from adversaries including Iran, China, Russia and North Korea. First seen on govinfosecurity.com…
-
ISMG Editors: Stryker Attack Hits Healthcare Supply Chain
Also: CISA Protocol Concerns, AI Agents Push Past Cybersecurity Controls. In this week’s panel, four ISMG editors unpacked the cyber dimensions of the Stryker attack amid the escalating Iran-Israel-U.S. tensions, the growing controversy around CISA leadership and alleged protocol breaches, and a new set of concerns related to AI agents bypassing security controls. First seen…
-
FBI takes down leak sites tied to Iran’s Ministry of Intelligence and Security
In a 40-page seizure warrant, the FBI outlined multiple digital campaigns launched by Iran’s Ministry of Intelligence and Security (MOIS) through a variety of online monikers, most recently going by the name “Handala.” First seen on therecord.media Jump to article: therecord.media/fbi-takes-down-leak-sites-iran-mois
-
US accuses Iran’s government of operating hacktivist group that hacked Stryker
The U.S. Justice Department said an Iranian security ministry operates the fake activist persona known as Handala, which claimed responsibility for the destructive hack targeting medical tech giant Stryker. First seen on techcrunch.com Jump to article: techcrunch.com/2026/03/20/u-s-accuses-irans-government-of-operating-hacktivist-group-that-hacked-stryker/
-
DOJ confirms seizure of domains linked to Iran-backed threat actor
A group connected to Iranian intelligence used the same infrastructure to claim credit for the hack of medical technology firm Stryker. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/doj-seizure-domains-iran-threat-actor/815306/
-
Increasing cyberattacks from Iran: Recommendations for companies
Horizon3.ai, a provider in the offensive security space, has published an analysis of current developments in Iranian cyber threats and presented concrete measures that companies can use to strengthen their cyber resilience. Against the backdrop of rising geopolitical tensions, the recommendations are intended to help security leaders recognize risks from state-directed attacks early and address them in a targeted way. Recent US military strikes… First…
-
FBI Seizes Two Websites Linked to Pro-Iranian Group Handala
The FBI has seized two websites, including the leak site, of Handala, a highly active pro-Iranian threat group responsible for the high-profile wiping attack on U.S.-based medical tech company Stryker in which it erased the data from about 80,000 corporate and personal devices. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/fbi-seizes-two-websites-linked-to-pro-iranian-group-handala/
-
Microsoft Intune MDM Gains Notoriety After Stryker Hack
Properly Configured Mobile Device Management Tools Can’t Wipe Personal Data. Mobile device management software is having a moment of notoriety after Iran-aligned hacking group Handala used Microsoft Intune to wipe the mobile devices of employees at medical device manufacturer Stryker. Tens of thousands of personal devices were likely affected. First seen on govinfosecurity.com Jump to…
-
Feds keep eyes peeled for Iran cyberattacks, respond to Stryker breach
There’s been no visible surge, at least not yet, said DOD’s Terry Kalka and CISA’s Nick Andersen. First seen on cyberscoop.com Jump to article: cyberscoop.com/feds-keep-eyes-peeled-for-iran-cyberattacks-respond-to-stryker-breach/
-
Lock down Microsoft Intune, feds warn after Stryker attack
Iran-linked attackers wiped employees’ devices using Intune. First seen on theregister.com Jump to article: www.theregister.com/2026/03/19/microsoft_intune_lockdown_stryker/
-
Cisa tells US organisations to harden endpoint management after Stryker attack
Last week’s cyber attack on the systems of a US medical services company by Iranian hacktivists has prompted an alert from Cisa, urging organisations to reinforce their defensive posture. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366640448/Cisa-tells-US-organisations-to-harden-endpoint-management-after-Stryker-attack
-
FBI, CISA warn on Microsoft Intune risks after Iran-linked cyberattack on Stryker
The attackers behind a recent attack on Stryker did not use malware, instead breaking into a legitimate Microsoft device management system called Intune and wiping the company’s data that way. First seen on therecord.media Jump to article: therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker

