Threats Tagged 'iranian threat actor'
View all threats tagged with 'iranian threat actor'. Filter and sort to focus on specific types of threats.
"Handala Hack" - Unveiling Group's Modus Operandi
Handala Hack, an online persona operated by Void Manticore, is affiliated with Iranian intelligence services. The group, known for destructive wiping attacks and hack-and-leak operations, has targeted organizations in Israel, Albania, and the US. Its tactics include supply chain attacks, credential theft, and manual intrusions. The group deploys multiple wiping methods simultaneously, including custom malware, PowerShell scripts, and disk encryption. Recent activity shows expanded targeting and some new techniques, such as using NetBird for tunneling and AI-assisted wiping scripts. Despite some operational security lapses, Handala continues to pose a significant threat, primarily through hands-on, opportunistic attacks.
AlienVault OTX General | 03/16/2026, 10:24:13 UTC | Added: 03/16/2026, 10:35:06 UTC
Crossed wires: a case study of Iranian espionage and attribution
UNK_SmudgedSerpent, a threat actor likely linked to Iranian espionage efforts, targeted academics and foreign policy experts from June to August 2025 with phishing campaigns built on domestic political and health-related lures. The actor relied on Remote Monitoring and Management (RMM) tools and credential harvesting, overlapping in tradecraft with the known Iranian groups TA455, TA453, and TA450. Attribution is not definitive, but the targeting aligns with Iranian intelligence priorities in the policy and academic sectors. The campaign is rated medium severity: its focus is espionage, initial access depends on phishing rather than exploitation, and no destructive payloads or zero-day exploits are involved. European organizations in foreign policy, academia, and research are at risk, particularly in countries with strong diplomatic ties or geopolitical interest in Iran; Germany, France, the UK, Italy, and the Netherlands are the most likely to be affected given their active academic communities and diplomatic engagement with Iran. Mitigation requires targeted user awareness, strict monitoring of RMM tool usage, and email filtering tuned to political and health-themed lures. Defenders should prioritize detection of credential harvesting and unexpected RMM activity while watching for evolving Iranian espionage tradecraft.
AlienVault OTX General | 11/05/2025, 19:04:52 UTC | Added: 11/05/2025, 21:52:26 UTC
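Both entries above point at the same detection gap: Handala's use of NetBird for tunneling and UNK_SmudgedSerpent's reliance on RMM tools only become visible when process telemetry for remote-access and tunnelling binaries is reviewed against what the organisation actually sanctions and where a legitimately deployed agent would run from. The script below is an added example, not code from Radar or from either referenced report. It assumes JSON-lines process-creation events with ts, host, user, image and parent_image fields (a constructed schema loosely modelled on Sysmon event 1); an illustrative tool table in which only NetBird comes from this page (AnyDesk, TeamViewer and ScreenConnect are assumed stand-ins for the defender's own inventory, and netbird.exe is an assumed image name); and a hypothetical SANCTIONED set naming the one approved tool. The sample log lines are constructed.

```python
"""Flag RMM / tunnelling tool launches worth an analyst's attention.

Added example (not Radar's or the referenced reports' code). Assumptions:
- events are JSON lines with ts, host, user, image, parent_image (constructed
  schema, loosely modelled on Sysmon event ID 1 fields);
- RMM_TOOLS is illustrative: NetBird is named on this page, the rest are
  assumed stand-ins for a real inventory; netbird.exe is an assumed image name;
- SANCTIONED is the organisation's approved-tool list (hypothetical).
"""
import json
from dataclasses import dataclass, field
from typing import List, Optional

# Lower-case image basename -> product name.
RMM_TOOLS = {
    "netbird.exe": "NetBird",
    "anydesk.exe": "AnyDesk",
    "teamviewer.exe": "TeamViewer",
    "screenconnect.clientservice.exe": "ScreenConnect",
}

# Assumption: the only RMM product this organisation has approved.
SANCTIONED = {"TeamViewer"}

# Launch context that is unusual for an agent rolled out by IT.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
USER_WRITABLE = ("/users/", "/appdata/", "/temp/", "/downloads/", "/programdata/")


@dataclass
class Finding:
    ts: str
    host: str
    user: str
    tool: str
    image: str
    reasons: List[str] = field(default_factory=list)


@dataclass
class Report:
    findings: List[Finding]
    skipped: int  # lines that were not JSON objects with the required fields


def _norm(path: str) -> str:
    """Lower-case and forward-slash a Windows path so substring checks are uniform."""
    return path.replace("\\", "/").lower()


def _basename(path: str) -> str:
    return _norm(path).rsplit("/", 1)[-1]


def inspect_event(ev: dict) -> Optional[Finding]:
    """Return a Finding when the event is an RMM/tunnelling launch that breaks baseline."""
    tool = RMM_TOOLS.get(_basename(ev["image"]))
    if tool is None:
        return None  # not a tool we track
    reasons = []
    if tool not in SANCTIONED:
        reasons.append("unsanctioned_tool")
    if any(marker in _norm(ev["image"]) for marker in USER_WRITABLE):
        reasons.append("user_writable_path")   # dropped by a user or script, not installed by IT
    if _basename(ev.get("parent_image", "")) in SCRIPT_HOSTS:
        reasons.append("scripting_host_parent")  # launched from a shell, not the installer/service
    if not reasons:
        return None  # sanctioned tool, install location, normal parent: baseline noise
    return Finding(ev["ts"], ev["host"], ev["user"], tool, ev["image"], reasons)


def analyze(lines) -> Report:
    """Run inspect_event over JSON lines; malformed lines are counted, not fatal."""
    findings, skipped = [], 0
    for line in lines:
        try:
            found = inspect_event(json.loads(line))
        except (json.JSONDecodeError, KeyError, TypeError, AttributeError):
            skipped += 1
            continue
        if found:
            findings.append(found)
    return Report(findings, skipped)


# Constructed telemetry, not real logs.
SAMPLE_EVENTS = [
    {"ts": "2025-07-02T08:14:03Z", "host": "WS-0412", "user": "alice",
     "image": r"C:\Program Files\TeamViewer\TeamViewer.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"ts": "2025-07-02T08:21:47Z", "host": "WS-0412", "user": "alice",
     "image": r"C:\Users\alice\AppData\Local\Temp\netbird.exe",
     "parent_image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"ts": "2025-07-02T09:02:10Z", "host": "WS-0977", "user": "bob",
     "image": r"C:\Program Files (x86)\AnyDesk\AnyDesk.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
    {"ts": "2025-07-02T09:40:55Z", "host": "WS-1020", "user": "carol",
     "image": r"C:\Users\carol\Downloads\TeamViewer.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe"},
    {"ts": "2025-07-02T09:41:30Z", "host": "WS-1020", "user": "carol",
     "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]
SAMPLE_LOGS = [json.dumps(e) for e in SAMPLE_EVENTS] + ["not json at all"]

if __name__ == "__main__":
    report = analyze(SAMPLE_LOGS)
    for f in report.findings:
        print(f"{f.ts} {f.host} {f.user} {f.tool}: {', '.join(f.reasons)}")
    print(f"skipped {report.skipped} malformed line(s)")
```

Run as-is it reports the NetBird drop in a Temp directory spawned from PowerShell (all three reasons), the unsanctioned AnyDesk install, and a sanctioned TeamViewer binary that was nevertheless run from Downloads via cmd.exe; the IT-installed TeamViewer and notepad produce nothing. The tuning points are SANCTIONED and USER_WRITABLE; in practice the tool table would be generated from an asset inventory rather than typed in.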
Showing 1 to 2 of 2 results