Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp

August 24, 2024 at 03:42AM
Meta Platforms recently disclosed activities of an Iranian state-sponsored threat actor using WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S., particularly political and diplomatic officials. The accounts, attributed to APT42, are associated with Iran’s Islamic Revolutionary Guard Corps. The U.S. government formally accused Iran …

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

May 20, 2024 at 12:27PM
An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) conducts destructive wiping attacks in Albania and Israel. Cybersecurity firm Check Point tracks the activity as Void Manticore, also known as Storm-0842. The group uses wiper malware and leverages publicly available tools for attacks, demonstrating a high degree …

Iranian MuddyWater Hackers Adopt New C2 Tool ‘DarkBeatC2’ in Latest Campaign

April 12, 2024 at 06:15AM
MuddyWater, an Iranian threat actor, has been linked to a new command-and-control (C2) infrastructure called DarkBeatC2. This comes after the deployment of various legitimate Remote Monitoring and Management (RMM) solutions in spear-phishing attacks. Additionally, Iranian threat actor Peach Sandstorm has been seen using a backdoor called FalseFont in attacks targeting …

Microsoft Warns of New ‘FalseFont’ Backdoor Targeting the Defense Sector

December 22, 2023 at 01:18AM
Microsoft has observed an Iranian threat actor targeting organizations in the Defense Industrial Base sector with a newly discovered backdoor named FalseFont. This backdoor allows remote access, file launching, and data transmission to its command-and-control servers. The campaign aligns with previous activity by the threat actor, indicating an ongoing evolution …

Iranian Group Tortoiseshell Launches New Wave of IMAPLoader Malware Attacks

October 26, 2023 at 04:48AM
The Iranian threat actor Tortoiseshell is responsible for a new series of watering hole attacks. The group uses malware called IMAPLoader, which acts as a downloader for additional payloads. The attacks target various sectors, including the maritime, shipping, logistics, and nuclear industries. Tortoiseshell has a history of strategic website compromises and …