Iranian APT UNC1860 Linked to MOIS Facilitates Cyber Intrusions in Middle East

September 20, 2024 at 06:45AM Mandiant is tracking Iranian APT threat actor UNC1860, linked to MOIS, which facilitates remote network access. UNC1860, known for sophisticated tools and prior destructive attacks, is associated with APT34 and implicated in cyber operations targeting U.S. elections. Iran’s increasing cyber activities coincide with heightened regional involvement. CISA warned of Iranian …

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks

July 16, 2024 at 06:19AM Iranian threat actor MuddyWater has been using a new backdoor, diverging from its usual method of using legitimate remote monitoring and management (RMM) software. This was discovered by cybersecurity firms Check Point and Sekoia, who dubbed the malware BugSleep and MuddyRot. The attacks have targeted various countries and industries, with …

Iran APTs Tag Team Espionage, Wiper Attacks Against Israel & Albania

May 21, 2024 at 05:15PM Iranian state-backed groups, Scarred Manticore and Void Manticore, collaborate to conduct espionage and destructive cyber operations in Albania and Israel. Scarred Manticore excels in sophisticated, stealthy spying using the Liontail malware framework, while Void Manticore employs hack-and-leak tactics and destructive operations, making defense challenging for targeted organizations. Both groups require …

Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel

May 20, 2024 at 12:27PM An Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) conducts destructive wiping attacks in Albania and Israel. Cybersecurity firm Check Point tracks the activity as Void Manticore, also known as Storm-0842. The group uses wiper malware and leverages publicly available tools for attacks, demonstrating a high degree …

Iranian Hackers Using MuddyC2Go in Telecom Espionage Attacks Across Africa

December 19, 2023 at 07:15AM MuddyWater, an Iranian cyber espionage group affiliated with Iran’s Ministry of Intelligence and Security (MOIS), has used a new command-and-control framework called MuddyC2Go in attacks on telecommunications sectors in Egypt, Sudan, and Tanzania. Symantec’s Threat Hunter Team, tracking the group as Seedworm, has observed the group’s use of various tools …

Iranian Cyber Espionage Group Targets Financial and Government Sectors in Middle East

November 1, 2023 at 07:48AM A cyber espionage campaign has been targeting financial, government, military, and telecommunications sectors in the Middle East for at least a year. The threat actor, known as Scarred Manticore, is affiliated with Iran’s Ministry of Intelligence and Security. The campaign shows overlaps with other Iranian groups and uses a previously …