Iranian threat groups are launching cyberattacks - or in some cases saying they are - and then sowing fear around the hacks through online influence operations.
The Iranian Cobalt Mirage threat group has been using the Drokbk malware in recent intrusions and employing GitHub repositories as dead drop resolvers.
The U.S. government indictments, sanctions and detailing of TTPs were part of a wave of actions against Iran-linked threat actors that allegedly targeted critical infrastructure organizations since 2020.
Iranian threat actor TA453 has been sending spear-phishing emails that impersonate real individuals from Western foreign policy research institutions.
The White House and the Albanian government blamed Iranian government-supported actors for a July attack on Albania infrastructure, and said futrher action would be forthcoming.