Tag: iran

15 Attack Reports | 0 Vulnerabilities

Attack reports

MuddyWater Leveraging DCHSpy For Israel-Iran Conflict

Iranian cyber espionage group MuddyWater, affiliated with Iran's Ministry of Intelligence and Security, is utilizing DCHSpy, an Android surveillanceware tool, in the context of the Israel-Iran conflict. DCHSpy collects extensive data from infected devices, including WhatsApp data, accounts, contact…
android
iran
vpn
telegram
2025-08-21
israel
dchspy
conflict
surveillanceware
sandstrike
starlink
Published: August 21, 2025
Linked vulnerabilities : CVE-2025-4609
Downloadable IOCs: 23

Iranian Educated Manticore Targets Leading Tech Academics

The Iranian threat group Educated Manticore, associated with the Islamic Revolutionary Guard Corps, has launched spear-phishing campaigns targeting Israeli journalists, cyber security experts and computer science professors. The attackers posed as fictitious assistants to technology executives or r…
iran
apt42
charming kitten
2025-06-26
educated manticore
Published: June 26, 2025
Downloadable IOCs: 140

Whispering in the dark

ESET researchers uncovered a cyberespionage campaign by BladedFeline, an Iran-aligned APT group likely tied to OilRig. The group has targeted Kurdish and Iraqi government officials since at least 2017, using various malicious tools including the Whisper backdoor, PrimeCache IIS module, and reverse …
backdoor
apt
iran
cyberespionage
iis module
iraq
kurdistan
whisper
shahmaran
slippery snakelet
2025-06-10
reverse tunnel
rdat
primecache
laret
pinar
flog
Published: June 10, 2025
Downloadable IOCs: 12

Malware Spotlight: A Deep-Dive Analysis of WezRat

Check Point Research provides a comprehensive analysis of WezRat, a custom modular infostealer attributed to the Iranian cyber group Emennet Pasargad. The malware has been active for over a year, targeting organizations in multiple countries. WezRat's capabilities include executing commands, taking…
backdoor
espionage
phishing
infostealer
iran
modular
2024-11-14
wezrat
c&c
Published: November 14, 2024
Downloadable IOCs: 0

Iranian Dream Job campaign

An Iranian campaign targeting the aerospace industry has been uncovered, distributing SnailResin malware through a 'dream job' scheme. Attributed to TA455, a subgroup of Charming Kitten, the campaign uses social engineering tactics on LinkedIn, impersonating recruiters to lure victims. The attack e…
evasion
iran
aerospace
dll side-loading
2024-11-12
linkedin
slugresin
dream job
charming kitten
snailresin
apt35
Published: November 12, 2024
Downloadable IOCs: 26

Inside Iran's Cyber Playbook: AI, Fake Hosting, and Psychological Warfare

Iranian cyber group Emennet Pasargad, operating as Aria Sepehr Ayandehsazan (ASA), has been linked to targeting the 2024 Summer Olympics and compromising a French display provider. The group, part of Iran's Islamic Revolutionary Guard Corps, used AI software, fictitious hosting resellers, and psych…
iran
ai
olympics
infrastructure
cyber operations
2024-11-01
propaganda
psychological tactics
information warfare
Published: November 1, 2024
Downloadable IOCs: 0

CHARMING KITTEN

Since June 2024, the Iran-nexus actor CHARMING KITTEN has been creating new network infrastructure for credential phishing, targeting individuals perceived as threats to the Iranian regime. The actor's infrastructure, known as Cluster B, uses domains with specific characteristics like similar TLDs,…
iran
infrastructure
domain registration
2024-10-04
spear-phishing
credential phishing
mint sandstorm
ta453
apt42
Published: October 4, 2024
Downloadable IOCs: 11

Iranian Cyber Actors Targeting Personal Accounts to Support Operations

Cyber actors working for Iran's Islamic Revolutionary Guard Corps (IRGC) are targeting individuals connected to Iranian and Middle Eastern affairs, including government officials, think tank personnel, journalists, activists, and lobbyists. They use social engineering techniques, impersonating cont…
phishing
social engineering
impersonation
iran
credential theft
2024-09-30
two-factor authentication
political campaigns
Published: September 30, 2024
Downloadable IOCs: 65

Targeted Iranian Attacks Against Iraqi Government Infrastructure

Check Point Research uncovered a new malware campaign targeting Iraqi government entities, employing custom tools named Veaty and Spearal. The attack utilizes various techniques including passive IIS backdoors, DNS tunneling, and C2 communication via compromised email accounts. The malware shows co…
backdoor
iran
government
dns tunneling
infrastructure
2024-09-12
spearal
email c2
veaty
cachehttp
iis module
iraq
Published: September 12, 2024
Downloadable IOCs: 16

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations

This advisory outlines the activities of an Iran-based cyber threat group that has conducted numerous intrusions against organizations in the United States and other countries since 2017, with the goal of obtaining network access to facilitate ransomware attacks. The group, known by various names s…
ransomware
state-sponsored
credential-theft
blackcat
alphv
CVE-2024-3400
iran
CVE-2024-21887
CVE-2024-24919
noberus
2024-08-28
webshells
CVE-2022-1388
CVE-2023-3519
noescape
ransomhouse
CVE-2019-19781
Published: August 28, 2024
Downloadable IOCs: 33

Iranian backed group steps up phishing campaigns against Israel, U.S.

An Iranian government-backed threat group known as APT42 has significantly intensified its phishing campaigns targeting high-profile individuals in Israel and the United States over the past six months. The group, associated with Iran's Islamic Revolutionary Guard Corps, has focused on current and …
phishing
social engineering
iran
credential theft
2024-08-26
election targeting
ycollection
lcollection
dwp
gcollection
Published: August 26, 2024
Downloadable IOCs: 38

GreenCharlie Infrastructure Linked to US Political Campaign Targeting

An analysis by Insikt Group revealed a significant surge in cyber threat activities from GreenCharlie, an Iran-linked group associated with Mint Sandstorm, Charming Kitten, and APT42. The group persistently targets US political and governmental entities through sophisticated phishing operations inv…
malware
apt
espionage
phishing
iran
2024-08-21
powerstar
gorble
Published: August 21, 2024
Downloadable IOCs: 111

Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

Proofpoint security researchers identified an Iranian threat group known as TA453 targeting a prominent religious figure through a sophisticated social engineering campaign. The threat actors impersonated a legitimate organization and invited the target to participate in a podcast interview. Upon e…
social engineering
iran
2024-08-20
anvilecho
blacksmith
Published: August 20, 2024
Downloadable IOCs: 10

Void Manticore Destructive Activities in Israel

This analysis details the destructive operations carried out by the Iranian threat actor Void Manticore, also known as Storm-842, against Israeli organizations. The group utilizes various techniques, including custom wipers for Windows and Linux, manual file deletion, and partition table corruption…
iran
2024-05-20
wipers
hacktivism
cl wiper
destructive
bibi wiper
leaks
Published: May 20, 2024
Downloadable IOCs: 0

Untangling Iran's APT42 Operations

APT42, an Iranian state-sponsored cyber espionage actor, is using enhanced social engineering schemes to gain access to victim networks, including cloud environments. The actor is targeting Western and Middle Eastern NGOs, media organizations, academia, legal services and activists.
apt
2024-05-03
iran
cyber espionage
CVE-2021-44228
nicecurl
tamecat
Published: May 3, 2024
Downloadable IOCs: 160
Click here to see more Attack Reports