Security News

A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks under the name Imperial Kitten, and which is also known as Crimson Sandstorm, TA456, Tortoiseshell, and Yellow Liderc.

The Iranian nation-state actor known as MuddyWater has been linked to a new spear-phishing campaign targeting two Israeli entities to ultimately deploy a legitimate remote administration tool from...

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and...

The Iranian state-sponsored group dubbed MuddyWater has been attributed to a previously unseen command-and-control framework called PhonyC2 that's been put to use by the actor since 2021. "MuddyWater is continuously updating the PhonyC2 framework and changing TTPs to avoid detection."

The Iranian nation-state group known as MuddyWater has been observed carrying out destructive attacks on hybrid environments under the guise of a ransomware operation. That's according to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor targeting both on-premises and cloud infrastructures in partnership with another emerging activity cluster dubbed DEV-1084.

Microsoft believes the gang who boasted it had stolen and leaked more than 200,000 Charlie Hebdo subscribers' personal information is none other than a Tehran-backed gang. On January 4, a previously unknown cyber-crime group that called itself Holy Souls claimed to have stolen a Charlie Hebdo database containing 230,000 customers' names, email addresses, phone numbers, addresses, and financial information, and offered it for sale for about $340,000.

The NSCS has attributed the campaigns to a Russia-based group called SEABORGIUM and the Iran-based TA453 group, also known as APT42. The threat groups target individuals working in academia, defence, government, non-government organisations, and think-tanks.

An Iranian cyber espionage gang with ties to the Islamic Revolutionary Guard Corps has learned new methods and phishing techniques, and aimed them at a wider set of targets - including politicians, government officials, critical infrastructure and medical researchers - according to email security vendor Proofpoint. Over the past two years, the threat actor group that Proofpoint's researchers track as TA453 has branched out from its usual victims - academics, researchers, diplomats, dissidents, journalists and human rights workers - and adopted new means of attack.

According to these internal documents, SIAM is a computer system that works behind the scenes of Iranian cellular networks, providing its operators a broad menu of remote commands to alter, disrupt, and monitor how customers use their phones. The tools can slow their data connections to a crawl, break the encryption of phone calls, track the movements of individuals or large groups, and produce detailed metadata summaries of who spoke to whom, when, and where.

The Iranian Atomic Energy Organization has confirmed that one of its subsidiaries' email servers was hacked after the ''Black Reward' hacking group published stolen data online.AEOI says an unauthorized party from a specific foreign country, which is not named, stole emails from the hacked server, which consisted of daily correspondence and technical memos.