Stay updated on Iran's information security developments with expert analysis, latest trends, and cyber threat insights.
Search across headline titles and summaries.
Background for this topic.
Iran is a nation state with a significant presence in cyberspace and a recurring subject in the context of information security. In recent years, Iran has been both a target and a perpetrator of cyber activities, involving various forms of cyber espionage, hacking, and state-sponsored cyberattacks.
The country's involvement in information security issues includes defending against cyber threats to its infrastructure and engaging in offensive operations, possibly as part of its geopolitical strategies. Discussions on the Iran tag often revolve around cyber incidents linked to Iranian actors, the country's cyber capabilities, cybersecurity policies, and the implications of its actions on global cyber stability.
Weekly headline count for the current query.
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has announced sanctions against Nobitex, Iran's largest cryptocurrency exchange, for facilitating payments related to terrorist activities. [...]
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS. In late March, a group calling itself Ababil of Minab posted videos and screenshots online claiming it had broken into the Los Angeles County Metropolitan Transportation Authority, wiped hundreds of terabytes of […]
Ababil of Minab Claimed Hacktivism, But Research Points to IranResearchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure.
Ababil of Minab Claimed Hacktivism, But Research Points to IranResearchers say Iran-linked operators behind Ababil of Minab, not independent hacktivists, disrupted L.A. Metro in March by stealing data, deleting systems and targeting backups, signaling a shift toward destructive attacks on recovery infrastructure.
The Iranian hacking group known as MuddyWater has been linked to a new campaign affecting at least nine organizations across nine countries on four continents in the first quarter of 2026
Iran's Nimbus Manticore pushes AI-built MiniFast backdoor via phishing and SEO poisoning
Nimbus Manticore accelerated cyberattacks during wartime, using AI-assisted malware, fake Zoom installers, and SEO poisoning. When the United States launched Operation Epic Fury against Iran at the end of February 2026, most analysts expected the country’s cyber apparatus to hunker down and weather the storm. That’s not what happened. Instead, researchers at Check Point have […]
The Iranian state-sponsored threat actor known as Nimbus Manticore (aka Screening Serpens and UNC1549) has been attributed to a fresh campaign using lures impersonating organizations in the aviation and software sectors across the U.S., Europe, and the Middle East following the joint U.S.-Israeli military campaign against the country in late February 2026
Malware Targeted macOS Users Visiting Patel Foundation Merchandise PageTwo months after Iran-linked hackers exfiltrated FBI Director Kash Patel's personal email, the government official's name is tangled up in another cyber incident, this time through a MAGA swag shop he co-founded. ClickFix malware on the site tried to trick shoppers into running a malicious command.
Unit 42 Says Iranian Operators Target Aerospace and Government StaffPalo Alto Networks' Unit 42 said Iran-linked operators tied to Screening Serpens are using fake recruiting campaigns, cloned aerospace hiring portals and malware-laced job materials to infiltrate defense, satellite communications and government networks.
Security experts have long warned that insecure automatic tank gauge (ATG) systems exposed on the Internet can be tampered with by threat actors.
Also, YellowKey Bypasses BitLocker, Škoda Breach, Kingdom Market Operator JailedThis week, U.S. lawmakers urged action on AI, a BitLocker exploit. Škoda, Nvidia’s GeForce NOW partner and telehealth firm OpenLoop reported breaches. Patch Tuesday. A dark market operator sentenced and pro-Ukraine and Iranian-linked hacking. Nitrogen ransomware attack on Foxconn.
The Iran-linked hacking group MuddyWater (a.k.a. Seedworm, Static Kitten) launched a broad cyber-espionage campaign targeting at least nine high-profile organizations across multiple sectors and countries. [...]
MOIS-linked cyber outfit puts on a ransomware show to disguise the wide-open backdoor behind the scenes
The MuddyWater Iranian hackers disguised their operations as a Chaos ransomware attack, relying on Microsoft Teams social engineering to gain access and establish persistence. [...]
The Iranian state-sponsored hacking group known as MuddyWater (aka Mango Sandstorm, Seedworm, and Static Kitten) has been attributed to a ransomware attack in what has been described as a "false flag" operation
Rapid7 reveals an Iranian false flag operation masquerading as a Chaos ransomware attack
As the war with Iran continues, breach attempts targeting the United Arab Emirates tripled in a few weeks — many targeting critical infrastructure.