Iranian APT 'BladedFeline' Hides in Network for 8 Years
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
APT34 is a threat group linked to Iran and associated with malware, credential theft, and cyberespionage against organizations.
Search across headline titles and summaries.
Background for this topic.
APT34 is a cyber espionage group linked to Iranian state interests, primarily targeting organizations across the Middle East. They focus on sectors such as energy, telecommunications, financial services, and government entities. Their attacks often begin with spear-phishing emails containing malicious attachments or links, leading to credential theft, network reconnaissance, and deployment of custom malware to maintain persistent access.
Security teams should watch for phishing campaigns tailored to regional or industry-specific contexts and monitor for unusual authentication patterns or lateral movement within networks. Defenses include enforcing multi-factor authentication, promptly patching vulnerabilities, and using threat intelligence to identify APT34’s known malware signatures and command-and-control infrastructure. Understanding their targeting helps organizations prioritize protections around critical infrastructure and sensitive data in high-risk regions.
Weekly headline count for the current query.
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
The Islamic Republic is keeping its enemies close and its friends closer, with espionage attacks aimed at nearby neighbors.
A MOIS-aligned threat group has been using Microsoft Exchange servers to exfiltrate sensitive data from Gulf-state government agencies.
Increasing attacks by the OilRig/APT34 group linked to Iran's Ministry of Intelligence and Security show that the nation's capabilities are growing, and targeting regional allies and enemies alike.
The prolific APT repeatedly compromised targets in healthcare, manufacturing, and government with new lightweight downloaders that blend into network traffic for evasion.
The state-sponsored threat actors (aka APT34, Crambus, Helix Kitten, or OilRig) spent months seemingly taking whatever government data they wished, using never-before-seen tools.
The Menorah malware can upload and download files, as well as execute shell commands.
The prolific APT, also known as OilRig and MuddyWater, was caught targeting an IT company's government clients in the region, with the aim of carrying out cyber espionage.