Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

As Geopolitical Tensions Mount, Iran’s Cyber Operations Grow

September 18, 2024 at 02:25AM Iran continues to escalate cyber operations by utilizing APT34, also known as Hazel Sandstorm, to target government ministries in Iraq and neighboring nations. The cyberespionage group aims to gather intelligence through email tunneling and malware programs. Analysts believe the primary objective is espionage, reflecting the evolving geopolitical landscape in the …

US Intelligence Blames Iran for Hack on Trump Campaign

August 20, 2024 at 11:43AM The FBI confirmed Iran’s involvement in cyberattacks on former President Donald Trump’s adviser, part of a wider campaign targeting US 2024 presidential elections. Security agencies attributed the attacks to “increasingly aggressive Iranian activity” and warned of continued efforts to disrupt the election. This follows previous reports by Microsoft and Google, …

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

July 16, 2024 at 06:19AM Iranian threat actor MuddyWater has been using a new backdoor, diverging from its usual method of using legitimate remote monitoring and management (RMM) software. This was discovered by cybersecurity firms Check Point and Sekoia, who dubbed the malware BugSleep and MuddyRot. The attacks have targeted various countries and industries, with …

3-Year Iranian Influence Op Preys on Divides in Israeli Society

May 8, 2024 at 06:39PM Iran has been conducting a yearslong influence operation in Israel, with three distinct phases targeting societal and political divisions. Recorded Future’s Insikt Group identified the operation, called “Emerald Divide,” as likely state-backed and confirmed its use of AI and social media impersonation. The operation’s focused, targeted approach has proven effective, …

Iranian charged over attacks against US defense contractors, government agencies

March 1, 2024 at 01:38PM The US Department of Justice has unsealed an indictment accusing an Iranian national, Alireza Shafie Nasab, of a years-long cyber campaign targeting US defense contractors and government agencies. The indictment alleges that Nasab and his associates compromised hundreds of thousands of accounts through spear phishing, social engineering, and in-house software. …

US Charges Iranian Over Cyberattacks on Government, Defense Organizations

March 1, 2024 at 09:57AM The US Justice Department announced charges against Iranian national Alireza Shafie Nasab, accused of involvement in hacking operations targeting government and private sector organizations. His firm, Mahak Rayan Afraz, linked to cyberespionage, had ties to the IRGC. Nasab, now at large, faces charges carrying up to 20-year prison sentences, with …

Iran Warship Aiding Houthi Pirates Hacked by US

February 16, 2024 at 08:56AM US officials claimed a recent cyberattack on an Iranian military spy ship disrupted intelligence-gathering on Red Sea traffic used to aid Houthi rebels in piracy against cargo ships. The attack on the ship MV Behshad aimed to disrupt the sharing of reconnaissance technology with Houthi rebels in Yemen, who target …

Albanian Authorities Accuse Iranian-Backed Hackers of Cyberattack on Institute of Statistics

February 14, 2024 at 07:09AM Albania’s cybersecurity authorities accused a hacker group sponsored by the Iranian government of a cyberattack on the Institute of Statistics. The attack affected 40 computers. In the past, Albania has blamed Iran for cyberattacks, leading to the cutting of diplomatic relations. The United States, NATO, and the EU supported Albania …

Iran’s ‘Cyber Centers’ Dodge Sanctions to Sell Cyber Operations

January 29, 2024 at 12:47PM Middle Eastern cybersecurity firms, connected to the Iranian government and specialists, are implicated in cyber attacks on Western democracy, critical infrastructure, and financial institutions. The leaked data points to a network of contractors linked to Iran’s military and intelligence, with expectations of continued operations despite sanctions. Similar arrangements are seen in …