Iranian APT Phishes US Policy Wonks

An Iranian advanced persistent threat (APT) group has been actively targeting U.S. policy experts through sophisticated phishing campaigns. These attacks aim to infiltrate the networks of think tanks, government agencies, and policy research organizations to gather intelligence and influence policy decisions. The phishing emails often impersonate trusted contacts and use social engineering tactics to trick recipients into revealing credentials or downloading malware. This campaign highlights the ongoing cyber espionage efforts by nation-state actors to gain strategic advantages. Organizations in the policy sector are urged to enhance their cybersecurity posture by implementing multi-factor authentication, conducting regular phishing awareness training, and deploying advanced email filtering solutions. The threat actor's tactics, techniques, and procedures (TTPs) are consistent with previous Iranian APT activities, emphasizing the need for continuous monitoring and threat intelligence sharing among allied entities. This incident underscores the critical importance of cybersecurity in protecting national security interests and maintaining the integrity of policy-making processes.

This Cyber News was published on www.darkreading.com. Publication date: Wed, 05 Nov 2025 10:05:08 +0000


Cyber News related to Iranian APT Phishes US Policy Wonks

What Is a Firewall Policy? Ultimate Guide - A firewall policy is a set of rules and standards designed to control network traffic between an organization's internal network and the internet. There are key components to consider, main types of firewall policies and firewall configurations to be ...
2 years ago Esecurityplanet.com
What is an advanced persistent threat? - An advanced persistent threat is a prolonged and targeted cyber attack in which an intruder gains access to a network and remains undetected for an extended period. APT attacks are initiated to steal highly sensitive data rather than cause damage to ...
2 years ago Techtarget.com Cozy Bear APT29
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
2 years ago Blog.checkpoint.com
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
1 year ago Bleepingcomputer.com APT3 APT33
How to create a cloud security policy, step by step - What's needed is a set of rules for how cloud security is managed, and the key to that is a cloud security policy. A cloud security policy contains detailed guidelines to help an organization ensure that it operates safely in the cloud. Because cloud ...
1 year ago Techtarget.com
Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft - In the context of the Israel-Hamas conflict, Iran's offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ...
1 year ago Securityweek.com
CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure - The most concerning aspect of Iranian cyber operations involves their systematic targeting of operational technology networks and industrial control systems across multiple critical infrastructure sectors. When targeting operational technology ...
6 months ago Cybersecuritynews.com
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
6 months ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33
Create Highly Secure Applications in Mule 4 - Accessibility Control/Access Management Use Anypoint Access Management to create your Anypoint Platform account or configure a federated External Identity. Environment Management Anypoint Platform enables you to create and manage separate deployment ...
1 year ago Feeds.dzone.com
CVE-2020-5202 - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit ...
4 years ago
US Authorities Identify Iranian Connection in Recent Cybersecurity Breaches - It has been announced that six Iranian officials have been sanctioned by the U.S. Department of Treasury's Office of Foreign Assets Control, the Iranian government organization responsible for the series of malicious cyber activities directed against ...
1 year ago Cysecurity.news
Microsoft Identifies Iranian Government-Backed Group as Responsible for Charlie Hebdo Cyber Attack - In January 2023, the U.S. government sanctioned an Iranian nation-state group for the hack of the French satirical magazine Charlie Hebdo. Microsoft, which revealed the details of the incident, is tracking the activity cluster under the name ...
2 years ago Thehackernews.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
2 years ago Therecord.media
Cyberattack Targets Albanian Parliament's Data System, Halting Its Work - Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. It said the system's services would resume at a later time. Local media reported ...
2 years ago Securityweek.com
Iranian Threat Actors Leveraging AI-Crafted Emails to Target Cybersecurity Researchers and Academics - The campaign, primarily attributed to APT35 (also known as Charming Kitten and Magic Hound), represents a marked evolution in Iranian cyber warfare tactics, moving beyond traditional surveillance operations to more sophisticated, high-trust social ...
5 months ago Cybersecuritynews.com Magic Hound APT3
North Korea-linked APT Kimsuky targeted German defense firm Diehl Defence - North Korea-linked APT group Kimsuky has been linked to a cyberattack on Diehl Defence, a defense firm specializing in the production of advanced military systems. “Researchers from Mandiant, a Google subsidiary, uncovered and analyzed a ...
1 year ago Securityaffairs.com Kimsuky
BladedFeline Using Whisper and PrimeCache to Compromise IIS & Microsoft Exchange servers - Whisper’s operational workflow involves seven distinct steps: gaining access to compromised email accounts, establishing inbox rules for command processing, sending periodic check-in messages, fetching encrypted operator commands from email ...
6 months ago Cybersecuritynews.com OilRig APT3
Understanding Backdoor Diplomacy Attack on Iranian Government Entities - In today’s digital world, cyberattacks are becoming increasingly prevalent, particularly against governments and public or private entities. Recently, a new targeted attack against Iranian government entities has been detected. Dubbed “Backdoor ...
2 years ago Heimdalsecurity.com Cozy Bear
Chinese Hackers Target Iranian Government Entities in Months-long Attack - A months-long attack by Chinese hackers has been targeting Iranian government entities, according to a report by CSO Online. The hackers, named IAMPrime, have been targeting government institutions in Iran since at least July of last year. The ...
2 years ago Csoonline.com
Pro-Israeli Hacktivists Attack Iranian Gas Stations - Hacktivist group Predatory Sparrow says it was behind a cyberattack on gas stations across Iran that disrupted operations. Between 60% and 70% of Iranian gas stations reportedly have been affected. Reza Navar, a spokesperson for Iran's petrol ...
2 years ago Darkreading.com
Microsoft Claims Iranian Group Responsible for Hacking and Releasing Information from Charlie Hebdo - Following the launch of a cartoon contest by the French satirical magazine Charlie Hebdo to mock Iran's ruling cleric, a state-backed Iranian cyber unit retaliated with a hack-and-leak campaign. This was done in an attempt to create fear by claiming ...
2 years ago Securityweek.com
Microsoft Links Charlie Hebdo Attacks to Iranian State-Sponsored Group - Microsoft's Digital Threat Analysis Center has linked a recent cyber attack on the French satirical magazine Charlie Hebdo to an Iranian nation-state actor. The group, which calls itself Holy Souls and has also been identified as Emennet Pasargad by ...
2 years ago Csoonline.com
Iranian Hackers Responsible for Infiltrating Charlie Hebdo's Data - The Holy Souls or NEPTUNIUM threat group is believed to be behind the recent attack on the French satirical magazine Charlie Hebdo. This group is known to be supported by the Iranian government and has been sanctioned by the US government in the ...
2 years ago Heimdalsecurity.com
Hackers Sabotage Iranian Ships Using Maritime Communications - In a significant cyber-attack, hackers have successfully sabotaged Iranian ships by exploiting vulnerabilities in maritime communication systems. This incident highlights the growing threat of cyber warfare targeting critical maritime infrastructure. ...
4 months ago Cybersecuritynews.com