Foudre
- Infy resumes operations with new C2 infrastructure after nationwide outage
  Infy paused C2 activity on January 8, 2026 and reestablished new command and control servers on January 26, 2026, deploying Tornado version 51 and new delivery methods that include a weaponized WinRAR SFX.
- Iran-linked APT Infy resurfaces with updated Foudre and Tonnerre malware
  SafeBreach and other researchers reported renewed activity by the Iranian APT known as Infy (Prince of Persia), documenting updated Foudre and Tonnerre malware, use of a domain generation algorithm for C2 resilience, and a Telegram-based channel in recent campaigns affecting targets in the Middle East, India, Canada and Europe.


