Threat Intelligence, Critical Infrastructure Security

Iranian cyberattacks ahead of US, Israel strikes discovered

Iran Flag Digital Binary Code Cyberpunk Technology Concept

SecurityWeek reports that Iranian advanced persistent threat operations have been preparing their attack infrastructure within six months prior to the joint U.S.-Israel missile strikes against the country late last month.

More than half a dozen CIDRs were discovered from MuddyWater over a 72-hour period in September, most of which were associated with an Estonian Autonomous System Number provider, findings from an Augur Security analysis revealed. Such activity was noted to be consistent with pre-operational infrastructure staging before the February 28 attack.

"This assessment for the temporal correlation is made with medium confidence that this specific buildup was in preparation for post-strike operations," said Augur.

Elevated activity was also observed with other Iranian APTs, including APT33 or Peach Sandstorm, APT34 or OilRig, APT35 or Charming Kitten, CyberAv3ngers, and Cotton Sandstorm or Emennet Pasargad. Meanwhile, at least 60 hacktivist groups, including Handala and Cyber Fattah, have since been activated by Iran in the wake of the U.S.-Israel attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds