Bluesky Back Online After DDoS Attack, as Iran-Linked 313 Team Takes Credit

Bluesky is back online after a roughly 24-hour DDoS attack disrupted services, with the Iran-linked 313 Team claiming responsibility and no data breach reported...

Iran-Linked Hackers Disrupt U.S. Critical Infrastructure by Targeting Internet-Exposed PLCs

Iran-affiliated cyber actors are targeting internet-facing operational technology OT devices across critical infrastructures in the U.S., including programmable logic controllers PLCs, cybersecurity and intelligence agencies warned Tuesday. "These attacks have led to diminished PLC functionality,...

Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone

Iran-linked Handala hackers claim cyberattacks on Stryker and Verifone. Stryker confirms network disruption while Verifone says no breach evidence found...

Rapid7 Detection Coverage for Iran-Linked Cyber Activity

The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recent published advisories, this communication is intended to outline and summarize the detection and enrichment coverage available to Rapid7 customers, broadl...

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker , a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home mo...

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

Threat actors with ties to Iran engaged in cyber warfare as part of efforts to facilitate and enhance physical, real-world attacks, a trend that Amazon has called cyber-enabled kinetic targeting. The development is a sign that the lines between state-sponsored cyber attacks and kinetic warfare ar...

Iran-Linked IOCONTROL Malware Targets SCADA and Linux-Based IoT Platforms

Iran-affiliated threat actors have been linked to a new custom malware that's geared toward IoT and operational technology OT environments in Israel and the United States. The malware has been codenamed IOCONTROL by OT cybersecurity company Claroty, highlighting its ability to attack IoT and...

Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors

A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been attributed by CrowdStrike to a threat actor it tracks...

Iran-Linked OilRig Targets Middle East Governments in 8-Month Cyber Campaign

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and passwords and, in one instance, resulted in the deployment of a PowerShell backdoor called...

MuddyWater Hackers Target Asian and Middle East Countries with Updated Tactics

The Iran-linked MuddyWater threat actor has been observed targeting several countries in the Middle East as well as Central and West Asia as part of a new spear-phishing activity. "The campaign has been observed targeting Armenia, Azerbaijan, Egypt, Iraq, Israel, Jordan, Oman, Qatar, Tajikistan,...

Microsoft Warns of Iran-Linked Hackers Targeting US and Israeli Defense Firms

An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting U.S., E.U., and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center MSTIC first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technolog...

Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors

DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center MSTIC first observed and began tracking in late July 2021. MSTIC has observed DEV-0343 conducting extensive password spraying against more than 250 Office 365 tenants, with a focus on US and Israeli defense technolog...

‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars

An Iran-linked advanced persistent threat APT group has taken a scholarly bent with its latest phishing campaign, which involves lengthy chats with professors, think tank higher-ups and journalists focused on Middle Eastern affairs. The threat actor is Charming Kitten – aka a number of names,...

Biden Campaign Staffers Targeted in Cyberattack Leveraging Antivirus Lure, Dropbox Ploy

Hackers sent Joe Biden’s presidential campaign staffers malicious emails that impersonated anti-virus software company McAfee, and used a mix of legitimate services such as Dropbox to avoid detection. The emails were an attempt to steal staffers’ credentials and infect them with malware. The...

APT41 Operatives Indicted as Sophisticated Hacking Activity Continues

UPDATE Five alleged members of the APT41 threat group have been indicted by a federal grand jury, in two separate actions that were unsealed this week. Meanwhile, the Department of Treasury also imposed sanctions on individuals and organizations associated with Iran-linked APT39. APT41 a.k.a...

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails

With the U.S. presidential election months away, advanced persistent threat APT groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. On Thursday, Shane Huntley with Google’s Threat Analysis Group said on Twitter that two separate phishing...

Oil-and-Gas APT Pivots to U.S. Power Plants.

A known APT group with ties to the Iran-linked APT33, dubbed Magnallium, has expanded its targeting from the global oil-and-gas industry to specifically include electric companies in North America. That’s according to a report from Dragos, released Thursday, which noted that the discovery is part...

Iran-Linked APT34 Invites Victims to LinkedIn for Fresh Malware Infections

A recent phishing campaign by Iran-linked threat actor APT34 made use of a savvy approach: Asking victims to join their social network. According to FireEye, the adversaries masqueraded as a Cambridge University lecturer, including setting up a LinkedIn page, in order to gain victims’ trust. From...

Facebook Removes a Fresh Batch of Iran-Linked Fake Accounts

Outside researchers tipped Facebook off that a social media network was pushing Iranian interests, posing as journalists, and even impersonating politicians...