(checkpoint.com) Iranian MOIS-Linked Cyber Actors Increasingly Leverage Criminal Ecosystems for State-Directed Operations
Iranian threat actors linked to MOIS, including MuddyWater and Void Manticore, are actively integrating criminal ecosystem resources into state-directed operations, employing commercial infostealers like Rhadamanthys, RaaS affiliate programs such as Qilin, and shared MaaS infrastructure like CastleLoader. Shared code-signing certificates tying FakeSet, StageComp, and DinDoor variants suggest a common procurement source across these groups. The attack on Israel's Shamir Medical Center illustrates this convergence, where operators appeared to use the Qilin RaaS model to disguise a strategically motivated attack as criminal activity.
IOCs in the article.
Source: https://research.checkpoint.com/2026/iranian-mois-actors-the-cyber-crime-connection/
Fediverse: Not known
