Cyber Threats from Iran
Understand more about cyber threat actors and intrusion sets attributed to Iran.
Cyber Threat Graph
Explore how the related entities on the cyber threat graph.
Intrusion Sets
Cyber intrusion sets attributed to Iran.
APT33
APT33 is a cyber espionage group tracked by researchers at Mandiant. The group has been active since at least 2013, and is believed to be working ...
APT35
APT35 is an intrusion set tracked by researchers at Mandiant. The group has been attributed to Iran and has been observed conducting operations ...
Charming Kitten
Charming Kitten is an adversary tracked by Crowd Strike and attributed to the Islamic Revolutionary Guard Corps (IRGC). The actor has reportedly ...
CharmingCypress
CharmingCypress is an intrusion set tracked by Volexity and attributed to Iran - showing overlaps with Charming Kitten / APT42 / TA453. Volexity ...
Curious Serpens
Curious Serpens (also known as Peach Sandstorm, APT33, Elfin, HOLMIUM, MAGNALIUM, or REFINED KITTEN) is a suspected Iranian-affiliated espionage ...
CyberAv3ngers
The CyberAv3ngers (Cyber Av3ngers) are an Iranian intrusion set affiliated with the Islamic Revolutionary Guard Corps (IRGC). They are known for ...
Mint Sandstorm
Mint Sandstorm is a cyber intrusion set attributed to Iran and tracked by Microsoft threat researchers. Microsoft previously referred to this ...
PHOSPHORUS
PHOSPHORUS is a cyber intrusion set formerly tracked by Microsoft and attributed to Iran. The group has been observed employing persistent social ...
Peach Sandstorm
Peach Sandstorm is an Iranian threat group tracked by Microsoft Threat Intelligence and observed targeting global organizations for intelligence ...
Refined Kitten
REFINED KITTEN is a cyber intrusion set tracked by CrowdStrike and linked to Iran's IRGC. The group has been tied to espionage operations since ...
Threat Actors
Cyber threat actors attributed to Iran.
IRGC-Intelligence Organisation
Some cyber security vendors (including Sekoia.io) attribute a subset of Iranian threat actors to the Islamic Revolutionary Guard Corps - ...
Islamic Revolutionary Guard Corps (IRGC)
The Islamic Revolutionary Guard Corps (IRGC) is a branch of the Iranian Armed Forces which has been designated as a terrorist organisation by US ...
Threat Reports
Publicly available threat reporting on cyber attacks and campaigns attributed to Iran.
Curious Serpens’ FalseFont Backdoor: Technical Analysis, Detection and Prevention
This article by researchers at Unit 42 discusses the FalseFont backdoor used by Curious Serpens, an Iranian-affiliated espionage group targeting ...
IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities
This advisory from CISA and partners describes activity by IRGC-affiliated cyber actors "CyberAv3ngers". According to the advisory, the ...
CharmingCypress: Innovating Persistence
This report by Volexity outlines campaigns conducted by the actor they call CharmingCypress (aka Charming Kitten). The report describes targeting ...
Nation-state threat actor Mint Sandstorm refines tradecraft to attack high-value targets
This report from Microsoft Threat Intelligence describes a subset of activity related to the Mint Sandstorm actor. The campaign includes the theft ...