216.73.217.22

Iran conflict drives heightened espionage activity against Middle East targets

· Published 11/03/2026 15:24 · Modified 16/03/2026 09:51

Export JSON

Essential information

Published
11/03/2026 15:24
Modified
16/03/2026 09:51
Tags
2026-03-11 cobalt strike cyber espionage government targets iran conflict phishing rust backdoor state-sponsored actors
Related entities
19 observables, 26 techniques (mitre), 2 malware, 24 others

Description

The ongoing conflict involving Iran has led to increased activities targeting Middle Eastern governments. Multiple state-sponsored threat actors, including those from China, Belarus, Pakistan, and Hamas, have been observed conducting campaigns using the conflict as a lure. These actors are employing various tactics such as credential , malware delivery, and compromised accounts to target government and diplomatic organizations. The campaigns often use war-themed content to engage targets and gather intelligence on the conflict's trajectory and geopolitical implications. Iranian threat actors continue their traditional espionage efforts alongside disruptive campaigns in support of war efforts. This heightened activity reflects both opportunistic use of topical lures and shifts in intelligence collection priorities for various state-aligned groups.

Related entities

Vulnerabilities, IOCs, intrusion sets, MITRE techniques and other entities referenced in this report.

Observables (19)

  • https://unityprogressall.org/imagecontent/getimgcontent.php?id=
  • https://defenceprodindia.site/server.php?file=Reader_en_install
  • https://iran.dashboard.1drvms.store/errors/sessionerrors/expire?client=[redacted]
  • https://iran.dashboard.1drvms.store/errors/sessionerrors/expire?client=
  • https://mail.iwsmailserver.com/owa/auth/logon.aspx?uid=
  • https://deepdive.hypernas.com/hypernas/api/page.php?uid=
  • 9477d9cd1435dc465b4047745e9c71103a114d65ed0d5f02ac3c97ac3f1dbf47
  • b58ec14b0119182aef12d153280962ad76c30e3cd67533177d55481704eba705
  • 7b6d69a249fe2adf43eefc31cdeca62cf48ab428fcbf199322feeb99d24fb001
  • d518262dd687a48f273966853f3ed4eb7404eb918b165bb71ff83f75962c0104
  • a9de383c6a1b00c9bd5a09ef87440d72ec7fc4bcd781207b3cace2f246788d4d
  • dfaaaf75147afbd57844382c953ec7ef36f68a9c17c66a47a847279a6b1109c9
  • fed6ebb87f7388adf527076b07e81dfa432bac4e899b0d7af17b85cc0205ffad
  • a8acb9864e6f64323ed75e69038ca9bfe76f7b1b0d24ec7df8ac07b6dbd641a3
  • a9f4f4bc12896d0f0d2eeff02dd3e3e1c1406d8a6d22d59aa85f151d806ba390
  • 16db04b632668dae081359fc07c97e5a9b79dad61713642e48b494aa6b7828be
  • 4b9661092051839496c04169ccb52b659c0f65cefd14a990e23565a0c0e8eeaf
  • ea1d98a41ad9343d017fa72f4baeeca0daa688bec6e0508e266c5e37e9d330de
  • 14efa1194cc4c6aa5585d63c032268794364123d41a01121cbd5e56f7c313399

Techniques (MITRE) (26)

Malware (2)

  • Cobalt Strike - S0154
    AlienVault Confidence 100
    First seen 01/01/1970 · Last seen 16/11/5138 Published 20/12/2025 19:39 · Modified 27/05/2026 21:40
  • Rust backdoor
    Family
    Published 11/03/2026 15:24 · Modified 11/03/2026 15:24

Others (24)

  • India
  • British Indian Ocean Territory
  • Israel
  • Syrian Arab Republic
  • Iran, Islamic Republic of
  • United States of America
  • Iraq
  • Defense
  • Government
  • mofa.gov.iq
  • deepdive.hypernas.com
  • transfergocompany.com
  • 1drvms.store
  • denika.se
  • mail.iwsmailserver.com
  • war.analyse.ltd
  • iwsmailserver.com
  • defenceprodindia.site
  • support.almersalstore.com
  • med.gov.sy
  • almersalstore.com
  • elcat.kg
  • iran.dashboard.1drvms.store
  • unityprogressall.org

External references