An Iran state-backed group called Peach Sandstorm is using password spraying attacks to target cloud environments in organizations across many industries.
The Charming Kitten attack group is using new tools and tactics in recent operations, including a new macOS backdoor called NokNok.
Iranian threat groups are launching cyberattacks - or in some cases saying they are - and then sowing fear around the hacks through online influence operations.
The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.
The U.S. government indictments, sanctions and detailing of TTPs were part of a wave of actions against Iran-linked threat actors that allegedly targeted critical infrastructure organizations since 2020.