Pro-Iranian Hackers Expand Targeting of US Critical Infrastructure as Cyber Chaos Escalates

Pro-Iranian hackers are expanding their operations beyond the Middle East and increasingly targeting critical infrastructure in the United States, according to cybersecurity experts and recent incidents. The attacks represent a significant escalation in Iran’s cyber warfare capabilities and pose growing risks to American defense contractors, power stations, and water plants. Handala Claims Major US Attack…

Iranian Handala Hacktivists Deploy Wiper Malware Against Medical Device Giant Stryker

Iran-linked hacktivist group Handala has claimed responsibility for a devastating wiper malware attack against Stryker Corporation, a Fortune 500 medical technology company with over 53,000 employees and $22.6 billion in annual sales. Attack Scale and Impact According to Handala’s claims and corroborating employee reports, the attack resulted in: 50 terabytes of critical data exfiltrated 200,000+…

Iranian MOIS Cyber Actors Embrace Criminal Ecosystem: From Rhadamanthys to Ransomware Affiliates

A new Check Point Research report reveals that Iranian Ministry of Intelligence and Security (MOIS)-linked threat actors are increasingly engaging with the cybercrime ecosystem, moving beyond mere imitation to directly leveraging criminal tools, services, and affiliate-style relationships in support of state objectives. Key Findings The research highlights a significant evolution in Iranian cyber operations, where…

Seedworm APT Deploys Dindoor and Fakeset Backdoors Inside US Critical Infrastructure Networks

Iran’s Seedworm APT group (also known as MuddyWater) has established persistent access inside the networks of multiple US organizations since early February 2026, deploying two previously unknown malware implants as geopolitical tensions between the US and Iran escalate. New Backdoor Arsenal: Dindoor and Fakeset Joint research from Symantec and Carbon Black has identified Seedworm activity…

60+ Pro-Iranian Hacktivist Groups Activate AI-Enabled ICS Attacks Following US-Israel Strikes

In the largest single-event activation of Iranian-aligned cyber actors ever documented, more than 60 pro-Iranian hacktivist groups became active on Telegram within hours of the February 28 US-Israel military strikes on Iran. Armed with AI tools and targeting over 40,000 internet-exposed control systems in the United States, these groups represent a dangerous new dimension of…

Iranian Cyber Threats Intensify: APT Groups and Hacktivists Target U.S. and Allied Infrastructure

Executive Summary As hostilities between Iran and the U.S./Israeli-led coalition escalate, threat intelligence indicates Iranian-aligned cyber actors pose an elevated near-term risk to organizations across North America and allied nations. These actors have a well-documented history of espionage, credential theft, disruptive attacks, and high-visibility “hacktivist” operations targeting U.S. and allied interests. The Iranian Cyber Threat…

Seedworm APT Targets US Banks and Airports with New Dindoor and Fakeset Backdoors

Iranian state-sponsored hackers have maintained persistent access inside multiple US critical infrastructure networks since early February 2026, establishing footholds that security researchers warn could enable devastating attacks amid escalating geopolitical tensions in the Middle East. MuddyWater Returns with New Malware Arsenal Symantec and Carbon Black researchers have attributed the activity to Seedworm (also known as…

Iranian APT Infy Resurfaces with New Tornado Malware After Internet Blackout

The elusive Iranian threat group known as Infy (also tracked as Prince of Persia) has evolved its tactics and deployed new command-and-control infrastructure, resuming operations precisely when Iran’s government-imposed internet blackout ended in late January 2026. Operational Timeline Reveals State Sponsorship According to SafeBreach researchers, Infy’s C2 servers went offline on January 8, 2026—the same…

Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention

By Tom Fakterman, Daniel Frank and Jerome Tujague. Executive Summary This article reviews the recently discovered FalseFont backdoor, which was used by a suspected Iranian-affiliated threat actor that Unit 42 tracks as Curious Serpens. Curious Serpens (aka Peach Sandstorm) is a known espionage group that has previously targeted the aerospace and energy sectors. FalseFont is the latest…
