Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

Iranian hacker groups have launched a widespread cyber espionage campaign targeting over 100 government organizations worldwide using the Phoenix backdoor malware. This sophisticated malware enables attackers to gain persistent access, steal sensitive data, and conduct surveillance operations. The campaign highlights the increasing cyber threats posed by state-sponsored actors leveraging advanced persistent threats (APTs) to infiltrate critical infrastructure and government networks. Organizations are urged to strengthen their cybersecurity defenses, implement robust endpoint protection, and monitor network traffic for signs of compromise. The Phoenix backdoor's modular design allows attackers to customize payloads, making detection and mitigation challenging. This incident underscores the importance of international cooperation in combating cyber espionage and protecting national security interests. Cybersecurity teams should prioritize patch management, user awareness training, and incident response readiness to mitigate risks from such sophisticated threats.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 22 Oct 2025 21:20:13 +0000


Cyber News related to Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

CVE-2023-53560 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2022-49069 - In the Linux kernel, the following vulnerability has been resolved: ...
10 months ago
Microsoft: Iranian hackers target researchers with new MediaPl malware - Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware. The attackers, a ...
2 years ago Bleepingcomputer.com APT3 APT33
BianLian GOs for PowerShell After TeamCity Exploitation - In conjunction with GuidePoint's DFIR team, we responded to an incident that began with the exploitation of a TeamCity server which resulted in the deployment of a PowerShell implementation of BianLian's GO backdoor. The threat actor identified a ...
1 year ago Securityboulevard.com CVE-2024-27198 CVE-2023-42793 BianLian
Microsoft: Hackers target defense firms with new FalseFont malware - Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. The DIB sector targeted in these attacks comprises over 100,000 defense companies and ...
2 years ago Bleepingcomputer.com APT3 APT33
Iran's Peach Sandstorm Deploys FalseFont Backdoor in Defense Sector - In its latest campaign, the Iranian state-backed hacker group Peach Sandstorm employs the FalseFont backdoor for intelligence gathering on behalf of the Iranian government. Cybersecurity researchers at Microsoft Threat Intelligence Unit have uncovered the ...
2 years ago Hackread.com
CVE-2024-0762 - Potential buffer overflow ...
1 year ago
Check Point Research Report: Shift in Cyber Warfare Tactics - Highlights: Shift in Cyber Warfare Focus: Recent developments in cyber warfare reveal a shift in the activities of Iranian hacktivist proxies. Initially concentrated on Israel, these groups are now extending their cyber operations to include targets ...
2 years ago Blog.checkpoint.com
ICS at Multiple US Water Facilities Targeted by Hackers Affiliated With Iranian Government - The hackers behind recent cyberattacks targeting industrial control systems at water facilities in the US are affiliated with the Iranian government, according to security agencies in the United States and Israel. The FBI, CISA, the NSA, the EPA and ...
2 years ago Securityweek.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
2 years ago Therecord.media
Hackers backdoor Russian state, industrial orgs for data theft - Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations. Kaspersky first detected the campaign in June 2023, while in mid-August, the ...
2 years ago Bleepingcomputer.com
Understanding Backdoor Diplomacy Attack on Iranian Government Entities - In today’s digital world, cyberattacks are becoming increasingly prevalent, particularly against governments and public or private entities. Recently, a new targeted attack against Iranian government entities has been detected. Dubbed “Backdoor ...
3 years ago Heimdalsecurity.com Cozy Bear
Online ransomware decryptor helps recover partially encrypted files - CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption. The company announced today that although the tool was already freely available through GitHub as a ...
1 year ago Bleepingcomputer.com BianLian Qilin Cactus Black Basta
Iran Ramps Up Cyberattacks on Israel Amid Hamas Conflict: Microsoft - In the context of the Israel-Hamas conflict, Iran's offensive operations against Israel were initially reactive and chaotic, but quickly ramped up and expanded in scope, Microsoft says. Immediately after October 7, Iranian threat actors were seen ...
1 year ago Securityweek.com
FSB arrests Russian hackers working for Ukrainian cyber forces - The Russian Federal Security Service arrested two individuals believed to have helped Ukrainian forces carry out cyberattacks to disrupt Russian critical infrastructure targets. Both suspects were taken into custody on the same day in two different ...
2 years ago Bleepingcomputer.com
Russian Sandworm Group Using Novel Backdoor to Target Ukraine - Russian nation-state group Sandworm is believed to be utilizing a novel backdoor to target organizations in Ukraine and other Eastern and Central European countries, according to WithSecure researchers. The previously unreported backdoor, dubbed ...
1 year ago Infosecurity-magazine.com
Iranian Hackers Developed a New Backdoor to Hack Windows - Peach Sandstorm, an Iranian hacker group, targets diverse sectors globally. Using password spray campaigns, Peach Sandstorm exhibits opportunistic behavior, with a history of relying on this tactic. This custom ...
2 years ago Cybersecuritynews.com
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets - A group of pro-Hamas attackers known as the Gaza Cybergang is using a new variation of the Pierogi++ backdoor malware to launch attacks on Palestinian and Israeli targets. According to research from Sentinel Labs, the backdoor is based on the C++ ...
2 years ago Darkreading.com
Cyberattack Targets Albanian Parliament's Data System, Halting Its Work - Albania's Parliament said on Tuesday that it had suffered a cyberattack with hackers trying to get into its data system, resulting in a temporary halt in its services. It said the system's services would resume at a later time. Local media reported ...
2 years ago Securityweek.com
MuddyWater Targets 100+ Government Entities in MEA With Phoenix Backdoor - MuddyWater, a notorious cyber espionage group, has intensified its operations targeting over 100 government entities across the Middle East and Africa (MEA) region. The group employs the Phoenix backdoor malware to infiltrate and maintain persistent ...
3 months ago Darkreading.com MuddyWater
China-linked hackers target European healthcare orgs in suspected espionage campaign - A previously unknown hacking group has been spotted targeting European healthcare organizations using spyware linked to Chinese state-backed hackers and a new ransomware strain, researchers said. The hackers, dubbed Green Nailao, deployed ShadowPad ...
11 months ago Therecord.media
CISA Warns of Iranian Cyber Actors May Attack U.S. Critical Infrastructure - The most concerning aspect of Iranian cyber operations involves their systematic targeting of operational technology networks and industrial control systems across multiple critical infrastructure sectors. When targeting operational technology ...
6 months ago Cybersecuritynews.com
Iranian APTs Hackers Actively Attacking Transportation and Manufacturing Sectors - This aggressive campaign has prompted urgent warnings from the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Homeland Security, highlighting the critical need for enhanced security measures across industrial and ...
6 months ago Cybersecuritynews.com MuddyWater OilRig APT3 APT33
New Phoenix attack bypasses Rowhammer defenses in DDR5 memory - A newly discovered attack named "New Phoenix" has been found to bypass existing Rowhammer defenses in DDR5 memory modules. Rowhammer is a hardware vulnerability that allows attackers to manipulate memory cells by repeatedly accessing adjacent rows, ...
4 months ago Bleepingcomputer.com