IRGC
-
Amazon finds Iran-linked hackers using cyber reconnaissance to aid physical attacks
Amazon’s threat intelligence team reported that Iran-linked hackers conducted digital reconnaissance, including targeting ship AIS and CCTV, to support physical attacks—a trend the company calls cyber-enabled kinetic targeting.
-
Israel agency says Iran-linked APT42 ran espionage campaign targeting officials and family members
Israel’s National Digital Agency says an Iran-linked threat actor known as APT42 has been running a campaign called SpearSpecter since early September 2025 that uses personalised social engineering to target senior officials and their family members and deploys a PowerShell backdoor for persistent access.
-
Proofpoint links new UNK_SmudgedSerpent cluster to targeted phishing of Iran experts
Proofpoint has identified a new threat cluster, UNK_SmudgedSerpent, that used political lures, impersonation and malicious installers to target academics and Iran policy experts between June and August 2025, deploying RMM tools including PDQ Connect and possibly ISL Online.
-
Iranian-linked hackers expand European operations with fake job portals and new malware, researchers say
Security researchers say Iranian government-backed attackers are targeting Western Europe with fake job portals and new Minibike malware, including MiniJunk and MiniBrowse, delivered through a multi-stage DLL sideloading chain. The operation focuses on Denmark, Portugal, and Sweden and appears linked to broader Iran-aligned threat activity.
-
Iran-linked Subtle Snail Targets European Telecoms in LinkedIn Recruitment Scheme, 34 Devices Infected
A Iran-linked cyber espionage group known as UNC1549, also called Subtle Snail, has been attributed to a campaign against European telecommunications firms, infiltrating 34 devices across 11 organizations through LinkedIn-based recruitment lures and a modular backdoor named MINIBIKE designed for long-term data exfiltration.
