Tag

Iran

4 briefs RSS

Iran's MOIS Expands Handala Brand to Physical Threat Operations

Iran's MOIS has broadened the Handala brand to encompass physical threat operations, recruiting proxies to conduct attacks, espionage, and sabotage against US and Israeli interests, amplifying both cyber and physical threats.

MOIS iran handala physical-threat influence-operations

1r 1t 2w ago

high threat

Screening Serpens APT Targets Tech and Defense Sectors with New RATs

2 rules 3 TTPs

The Iranian APT group Screening Serpens targeted the tech and defense sectors in the U.S., Israel, and the UAE between February and April 2026, deploying six new RAT variants from the MiniUpdate and MiniJunk V2 malware families, using tailored social engineering lures and AppDomainManager hijacking.

MiniUpdate +2 Screening Serpens APT Iran RAT MiniJunk DLL Sideloading AppDomainManager Cyberespionage

2r 3t 4w ago

critical threat

TeamPCP's CanisterWorm Kubernetes Wiper Targeting Iran

2 rules 1 TTP

TeamPCP's CanisterWorm is a newly identified Kubernetes wiper targeting Iranian infrastructure, indicating a politically motivated destructive attack.

TeamPCP kubernetes wiper iran canisterworm destructive-attack

2r 1t Mar 23, 2026

medium advisory

Iranian Botnet Operation Exposed via Open Directory

1 rule 1 TTP 1 IOC

An Iranian botnet operation utilizing a 15-node relay network and active C2 infrastructure was exposed through an open directory.

botnet iran C2

1r 1t 1i Mar 17, 2026