(safebreach.com) Iranian Cyber Operations: Escalating Threat Landscape, Expanded Targeting, and Evolving TTPs
Iranian cyber ops surge: 700% spike in attacks vs Israel, IRGC-affiliated CyberAv3ngers exploit Unitronics PLCs/HMIs (default creds, LOTL) in OT/ICS. No Justice wiper (e2531f) deployed via T1566/T1534. Cotton Sandstorm uses ASPX webshells, fake-ransomware; Pioneer Kitten abuses cloud for lateral movement. CISA advisories AA25-239A/AA25-343A highlight expanded targeting (DIB, water, energy). Hybrid state-criminal ransomware collab observed.
Source: https://www.safebreach.com/blog/an-update-on-the-heightened-threat-of-iranian-cyber-attacks/