Iran-Linked MuddyWater Poses as Ransomware Gang to Mask Cyber Espionage
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
An NCC Group report warns state-backed hackers are attempting to hide activity by posing as ransomware groups and deploying commercially available malware
ESET’s 2026 APT Activity Report suggests China-backed APTs are using instability in the region to target victims, as well as continuing activity against organizations around the globe
Cybersecurity researchers have discovered a new Lua-based malware created years before the notorious Stuxnet worm that aimed to sabotage Iran's nuclear program by destroying uranium enrichment centrifuges
Iran was inside before the war started. How the March 6 server report connects to the Stryker wipe. The two-team MOIS playbook. What the 72-hour intelligence confirms. And the PIM Authentication Context gap that made it possible.
Also: the Pentagon-Anthropic AI Legal Showdown, the New Reality of Document FraudIn this week's panel, four ISMG editors discuss the cyber activity tied to the U.S.-Israel-Iran conflict, the Pentagon's standoff with AI firm Anthropic and a new report that reveals how document fraud reflects deeper weaknesses in verification systems.
State news published a list of nearly 30 sites that could be targeted Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.…
Malware Campaign Uses Lures With Positive Portrayal of Anti-Tehran ProtestsA new malware campaign is using a positive-sounding report into the recent protests in Iran, accompanied by real photos and videos, as lures in an apparent cyberespionage operation designed to conduct surveillance of dissident researchers and global communities, warn security researchers.
The Iranian hacking group known as MuddyWater has been observed leveraging a new backdoor dubbed UDPGangster that uses the User Datagram Protocol (UDP) for command-and-control (C2) purposes
BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials.
BladedFeline Hackers Spying on Kurdish Officials Since at Least 2017An Iranian state espionage group stayed hidden for more than half-a-decade until security researchers spotted it in 2023, researchers said Thursday in a report detailing a growing arsenal of hacking tools it deployed against Kurdish and Iraqi government officials.
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025
Report Also Flags Threats Linked to North Korea, IranChinese influence operations are using artificial intelligence to carry out surveillance and disinformation campaigns, OpenAI said in its latest threat report. The report details two major Chinese campaigns that misused AI tools, including OpenAI's own models, to advance state-backed agendas.
Report: North Korean, Russian, Chinese, Iranian Actors Are Targeting Research OrgsRussian state hackers are targeting think tanks studying strategic interests and the defense sector, warned the French cyber agency. A hacking group that officially is Unit 26165 of the Russian Main Intelligence Directorate appears to be Russia's most prolific targeter of think tanks.
The Iranian state-backed hacking outfit called APT42 is making use of enhanced social engineering schemes to infiltrate target networks and cloud environments
Mandiant Says APT42 Members Have Been Posing as Journalists to Steal Troves of DataMembers of the Iranian state hacking group APT42 have been observed posing as journalists from credible news outlets and well-known research institutions as part of a global effort to harvest credentials and hack into victim cloud networks, according to a Mandiant report published Wednesday.
Hackers Are Leveraging Israel-Hamas War to Carry Out Attacks, Researcher Tells ISMGCybersecurity researchers identified a suspected Iranian espionage campaign targeting aerospace, aviation and defense industries across the Middle East. Hackers targeted employees within the aviation and defense sectors with fake job offers for tech and defense-related positions.
Nation-state actors associated with Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations
Iran-aligned adversaries have attempted to use cyber tactics to sway public opinion of the Israel-Hamas war, Google found in a new report
Report says US and Israel spent $1 billion to develop the infamous Stuxnet virus, built to sabotage Iran's nuclear program in 2008.
An Android malware campaign targeting Iranian banks has expanded its capabilities and incorporated additional evasion tactics to fly under the radar