HackRead reports Iranian advanced persistent threat operation Prince of Persia, also known as Infy, has reemerged with expanded targeting and a more sophisticated attack arsenal almost three years after it went on hiatus.
Despite continuing to harness the Foudre and Tonnerre malware pair, Prince of Persia has gone to update the former, which has been launched upon Foudre's discovery of high-value targets, according to a SafeBreach analysis. Aside from executing multiple variants in parallel to obscure illicit activity, Prince of Persia has also tapped the Amaq News Finder, MaxPinner v8, and Deep Freeze malware variants to enable Telegram espionage, said researchers, who also noted the Iranian APT's usage of Telegram for malicious software control. However, Prince of Persia was found to have had a "fixed time gap" in its server's file-naming scheme that allowed access to exfiltrated data since 2021.
Such findings have prompted SafeBreach Vice President of Security Research Tomer Bar to warn about the persistent threat posed by Prince of Persia.
Despite continuing to harness the Foudre and Tonnerre malware pair, Prince of Persia has gone to update the former, which has been launched upon Foudre's discovery of high-value targets, according to a SafeBreach analysis. Aside from executing multiple variants in parallel to obscure illicit activity, Prince of Persia has also tapped the Amaq News Finder, MaxPinner v8, and Deep Freeze malware variants to enable Telegram espionage, said researchers, who also noted the Iranian APT's usage of Telegram for malicious software control. However, Prince of Persia was found to have had a "fixed time gap" in its server's file-naming scheme that allowed access to exfiltrated data since 2021.
Such findings have prompted SafeBreach Vice President of Security Research Tomer Bar to warn about the persistent threat posed by Prince of Persia.




