Iran’s Nimbus Manticore Used Trojanized Zoom Installers Against US Firms

Iran’s Nimbus Manticore hackers used trojanized Zoom installers to deploy malware against US firms during a wider IRGC linked cyber campaign...

From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks

From the Shadows to the Headlines: A Decade of State-Sponsored Cyber Leaks By Ryan Slaney and Emma DeCarli · January 20, 2026 Executive summary The December 2, 2025, publication of a massive leak revealing the inner workings of the IRGC-linked Department 40 a.k.a. APT35, Charming Kitten, and Fres...

Exposed and vulnerable: Recent attacks highlight critical need to protect internet-exposed OT devices

Since late 2023, Microsoft has observed an increase in reports of attacks focusing on internet-exposed, poorly secured operational technology OT devices. Internet-exposed OT equipment in water and wastewater systems WWS in the US were targeted in multiple attacks over the past months by different...

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command IRGC-CEC from at least 2016 to April 202...

Iranian hackers soar into the defense sectors of the Middle East

Summary: Since June 2022, the hacking group UNC1549, potentially connected to Tortoiseshell aka Imperial Kitten and linked with the Iranian IRGC, has implemented distinct backdoors known as MiniBike and MiniBus. Their primary focus lies in targeting defense-related entities in the Middle East...

U.S. Sanctions 6 Iranian Officials for Critical Infrastructure Cyber Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC announced sanctions against six officials associated with the Iranian intelligence agency for attacking critical infrastructure entities in the U.S. and other countries. The officials include Hamid Reza Lashgarian, Mahdi...

IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities

Actions to take today to mitigate malicious activity: 1. Implement multifactor authentication. 2. Use strong, unique passwords. 3. Check PLCs for default passwords...

Microsoft shares threat intelligence at CYBERWARCON 2023

At the CYBERWARCON 2023 conference, Microsoft and LinkedIn analysts are presenting several sessions detailing analysis across multiple sets of threat actors and related activity. This blog is intended to summarize the content of the research covered in these presentations and demonstrates Microso...

Iranian Hackers' Sophisticated Malware Targets Windows and macOS Users

The Iranian nation-state actor known as TA453 has been linked to a new set of spear-phishing attacks that infect both Windows and macOS operating systems with malware. "TA453 eventually used a variety of cloud hosting providers to deliver a novel infection chain that deploys the newly identified...

U.S. Charges 3 Iranian Hackers and Sanctions Several Others Over Ransomware Attacks

The U.S. Treasury Department's Office of Foreign Assets Control OFAC on Wednesday announced sweeping sanctions against ten individuals and two entities backed by Iran's Islamic Revolutionary Guard Corps IRGC for their involvement in ransomware attacks at least since October 2020. The agency said...

Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations

Summary Actions to take today to protect against ransom operations: • Keep systems and software updated and prioritize remediating known exploited vulnerabilities. • Enforce MFA. • Make offline backups of your data. This joint Cybersecurity Advisory CSA is the result of an analytic effort among t...

Predatory Sparrow massively disrupts steel factories while keeping workers safe

Stuxnets attack on Irans uranium enrichment facilities manifested fears of cyberattacks leaking into the real world. What once was theory is now upon us. Two weeks ago, multiple Iranian steel facilities experienced a cyberattack that might have been pulled off by what many cybersecurity experts i...

Potential for Iranian Cyber Response to U.S. Military Strike in Baghdad

Summary The Cybersecurity and Infrastructure Security Agency CISA is sharing the following information with the cybersecurity community as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the...