Tag: iran-nexus
All items tagged iran-nexus.
- Public administration — named European institutions and government data in the firing line
- Handala breaches California Water Service through an internet-exposed RTKBase GNSS platform — billing PII for ~2M customers leaked, no OT access
- Finance / payments — Stripe-abusing Magecart and OFAC Iran sanctions
- OFAC sanctions Nobitex and three Iranian exchanges as conduits for IRGC-affiliated ransomware proceeds
- Attackers social-engineer Meta's AI support chatbot into resetting Instagram passwords
- Iran MOIS attributed to LACMTA destructive breach via "Ababil of Minab" hacktivist front — 700 GB exfiltrated, backups and VMs deliberately destroyed
- MuddyWater / Seedworm — Symantec and Carbon Black document new DLL-side-loading pair via signed Fortemedia and SentinelOne binaries, ChromElevator for Chromium App-Bound Encryption bypass, Node.js orchestration
- UPDATE: Nimbus Manticore (UNC1549 / Screening Serpens) — Check Point details MiniFast backdoor, Zoom-task hijacking and SEO-poisoning delivery
- Transport — Iran-MOIS destructive breach against LACMTA with deliberate backup and VM destruction
- Unit 42 — Iran's Screening Serpens (UNC1549 / Smoke Sandstorm / Nimbus Manticore): AppDomainManager hijacking silently disables ETW + strong-name checks in six new RATs
- Unit 42 — ROADtools operationalised by Midnight Blizzard, Curious Serpens and UTA0355 for Entra ID device registration, token theft and tenant enumeration
- Symantec / Carbon Black document Fast16 hook engine targeting LS-DYNA/AUTODYN nuclear-simulation codes; Kim Zetter corrects "pre-Stuxnet" framing to contemporaneous-and-simulation-sabotage
- Midnight Blizzard and others operationalise ROADtools for Entra ID abuse
- Screening Serpens / UNC1549 (Iran; Smoke Sandstorm / Nimbus Manticore) — AppDomainManager hijacking in six new RATs
- MuddyWater (Iran / MOIS) Chaos ransomware false-flag + Teams BEC
- MuddyWater (Iran/MOIS) deploys Chaos ransomware as false flag; harvests credentials via Teams