Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors

Iranian state-sponsored threat actors have intensified their cyberattacks against critical infrastructure in the United States, with a dramatic 133% increase in malicious activity recorded during May and June 2025. The escalation coincides with heightened geopolitical tensions surrounding the recent Iranian conflict, as cybersecurity researchers track a coordinated campaign targeting primarily Transportation and Manufacturing sectors across American companies. This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and critical infrastructure organizations.

Nozomi Networks Labs analysts identified six prominent Iranian Advanced Persistent Threat (APT) groups orchestrating these sophisticated attacks: MuddyWater, APT33, OilRig, CyberAv3ngers, FoxKitten, and Homeland Justice. The surge in attacks represents a significant shift in Iranian cyber warfare strategy, with threat intelligence data revealing 28 documented incidents during the two-month period compared to just 12 attacks in the previous quarter. The threat actors have demonstrated remarkable persistence and technical sophistication, employing diverse attack vectors specifically tailored to compromise operational technology environments and industrial control systems.

MuddyWater emerged as the most prolific threat actor during this campaign, successfully breaching at least five separate U.S. companies predominantly within the Transportation and Manufacturing sectors. APT33 followed closely, targeting three different American organizations, while OilRig, CyberAv3ngers, FoxKitten, and Homeland Justice each compromised at least two U.S. companies during the observed timeframe.

Security researchers discovered that the group deliberately recycled an IP address previously linked to the deployment of OrpaCrab, also known as IOCONTROL malware, which was first identified in December 2024. This operational technology-focused malware represents a significant threat to industrial environments, capable of manipulating programmable logic controllers and other critical industrial systems. The reuse of infrastructure demonstrates a calculated approach to resource management while potentially indicating confidence in their operational security measures.

Organizations are advised to monitor for indicators of compromise including the IP addresses 159.100.6[.]69, 169.150.227[.]230, and 95.181.161[.]50 among other malicious infrastructure identified in ongoing threat intelligence operations.

Tushar is a cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in cyber security, he is covering cyber security news, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 11 Jul 2025 18:00:13 +0000

