Iranian state-sponsored threat actors have been observed utilizing new custom malware and techniques to target organizations across various sectors, including government, education, finance, healthcare, and defense, in both the US and UAE. These actors are actively involved in intelligence gathering and, in some cases, collaborating with ransomware gangs to extort victims. They are known to exploit vulnerabilities in VPNs, Citrix Netscaler, BIG-IP F5 devices, and other security tools, and have also been using fake job offers to recruit potential intelligence agents. This activity highlights the increasing sophistication and persistence of Iranian cyber operations.