Iranian APT Operating as Initial Access Provider to Networks in the Middle East

September 24, 2024 at 11:54AM

Mandiant’s report identifies UNC1860 as an Iranian APT group that gains initial access to Middle Eastern networks and is potentially sponsored by the Iranian government. The group employs specialized tools like TemplePlay and ViroGreen to gain access and maintain long-term control, presenting a significant threat to Middle Eastern entities. From the meeting notes, …

Meet UNC1860: Iran’s Low-Key Access Broker for State Hackers

September 24, 2024 at 01:37AM

An advanced persistent threat (APT) linked to Iran’s Ministry of Intelligence and Security (MOIS) provides initial access to Iranian state hacking groups, targeting valuable networks across sectors like government, media, and telecommunications. UNC1860 deploys a range of custom malware tools and backdoors to establish a foothold, staying undetected by focusing …