Threat Research

    Boggy Serpens (also known as MuddyWater), an Iranian state-linked threat group associated with MOIS, continues to conduct cyberespionage campaigns targeting diplomatic entities and critical infrastructure sectors such as energy, maritime, and finance....
    On 28 February 2026, the US and Israel launched strikes inside Iran in a campaign named Operation Epic Fury, targeting missiles, air defenses, military infrastructure, and leadership assets. Iran retaliated with missile and drone attacks against US embassies and military bases across the region....
    Between 2024 and March 2026, the geopolitical landscape around Iran has shifted dramatically. What was once a tense but predictable standoff has escalated into a major regional crisis. In 2024, Iran began moving from proxy warfare toward direct military confrontation, marked by ballistic missile exchanges with Israel....
    Seedworm (also known as MuddyWater) has been observed conducting cyber espionage activities against multiple organizations in the United States and Canada since early 2026. Targeted entities include a U.S. bank, airport, defense-related software company, and non-profit organizations....
    Rising tensions between the United States, Israel, and Iran have increased the likelihood of cyber operations accompanying military activity. Iranian state-aligned threat actors have historically targeted sectors such as energy, financial services, government, and defense to weaken response capabilities before or during conflict....
    A dramatic and dangerous phase in Middle Eastern geopolitics has begun with open conflict between Iran, Israel, and the United States. Last week, U.S. and Israeli forces launched Operation Lion’s Roar, targeting Iranian military and nuclear facilities. Iran responded with retaliation, escalating the conflict across the region....
    Recent escalations between Iran, the U.S., and Israel have coincided with increased cyber threat activity across the Middle East. Destructive incidents, including kinetic attacks affecting AWS data centers in the UAE and Bahrain, have disrupted regional cloud services....
    On Feb. 28, 2026, joint US–Israel strikes reduced Iran’s internet connectivity to 1–4%, disrupting leadership communications and degrading command-and-control across state networks. Security teams identified an SMS/phishing campaign distributing a trojanized Israeli Home Front Command RedAlert APK for surveillance and data exfiltration....
    On 28 February 2026, U.S. and Israeli forces launched combined air and cyber attacks that disrupted Iranian communications networks and critical systems....
    In January 2026, ThreatLabz identified activity by a suspected Iran-linked threat actor targeting Iraqi government officials. The team uncovered previously undocumented malware: SPLITDROP, TWINTASK, TWINTALK, and GHOSTFORM. Analysis revealed strong overlap in tools, techniques, procedures (TTPs), and victimology with known Iran-nexus APT operations. Based on this evidence,...