Threat Management, Threat Intelligence, Threat Hunting

Increased sophistication showcased by reemergent Prince of Persia APT

Flag of Iran on binary code

HackRead reports Iranian advanced persistent threat operation Prince of Persia, also known as Infy, has reemerged with expanded targeting and a more sophisticated attack arsenal almost three years after it went on hiatus.

Despite continuing to harness the Foudre and Tonnerre malware pair, Prince of Persia has gone to update the former, which has been launched upon Foudre's discovery of high-value targets, according to a SafeBreach analysis. Aside from executing multiple variants in parallel to obscure illicit activity, Prince of Persia has also tapped the Amaq News Finder, MaxPinner v8, and Deep Freeze malware variants to enable Telegram espionage, said researchers, who also noted the Iranian APT's usage of Telegram for malicious software control. However, Prince of Persia was found to have had a "fixed time gap" in its server's file-naming scheme that allowed access to exfiltrated data since 2021.

Such findings have prompted SafeBreach Vice President of Security Research Tomer Bar to warn about the persistent threat posed by Prince of Persia.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds