muddywater (4)

Military action in Iran has increased the potential of cyberattacks from Iranian-sponsored actors and hacktivists, and criminal groups aligned with Iran. Below is a brief on the types of attacks Iran has executed or sponsored in the past to provide a starting roadmap based on their past cyberattacks during similar times of conflict.[1]

While the line between hacktivist and state-sponsored threat actors can be blurry, Iran is a formidable adversary hosting several prominent threat actors. Ira

UDPGangster is a UDP-based backdoor associated with the MuddyWater threat group, which is known for its cyber espionage operations across the Middle East and neighboring regions. This malware enables remote control of compromised systems by allowing attackers to execute commands, exfiltrate files, and deploy additional payloads, all communicated through UDP channels designed to evade traditional network defenses.

Researchers recently observed multiple UDPGangster campaigns targeting users in Tu

Hackers believed to be affiliated with an Iranian intelligence agency are using a newly discovered strain of the DCHSpy malware to snoop on adversaries. Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said. The malware also collects cont

The Iranian nation-state group known as MuddyWater has been observed directing destructive attacks on hybrid environments under the guise of a ransomware operation. The name is not to be confused with McKinley Morganfield (April 4, 1913 – April 30, 1983), known professionally as Muddy Waters, an American blues singer and musician. Iran could be singing the blues if they keep this up.

According to new findings from the Microsoft Threat Intelligence team, which discovered the threat actor ta