Iranian APT on Networks of U.S. Bank, Airport, Software Company
Essential information
- Published
- 05/03/2026 20:13
- Modified
- 06/03/2026 11:54
- Tags
- 2026-03-05 CVE-2017-7921 CVE-2023-6895 apt backdoor bibiwiper critical-infrastructure cyberattack darkcomp data exfiltration ddos dindoor espionage fakeset geopolitical conflict httpsnoop iranian apt pdq phoenix stagecomp u.s. targets
- Related entities
- 2 vulnerabilities (cve), 25 observables, 1 intrusion sets (apt), 8 malware, 15 others
Description
Iranian APT group Seedworm has been active on networks of multiple U.S. companies since February 2026, targeting a bank, airport, software company, and NGOs. The group deployed new backdoors named Dindoor and Fakeset, signed with certificates previously linked to Seedworm. The activity occurs amid escalating tensions between the U.S., Israel, and Iran. Seedworm, known for espionage and information gathering, has broadened its scope to target various sectors globally. The article discusses recent Iranian cyber activities, potential future threats, and provides recommendations for defenders to prepare against DDoS, credential attacks, leaks, critical infrastructure attacks, and destructive operations.