CyberSecurity news

FlagThis - #espionage

Rescana@Rescana //

Iran Increasing Cyberattacks Amidst Regional Conflict

Amidst escalating regional conflicts, Iran has taken the drastic measure of shutting down internet access for its citizens, a move the government defends as a necessary precaution against Israeli cyberattacks. This disruption has severely impacted communication within the country, leaving Iranians abroad unable to connect with loved ones. One such individual, Amir Rashidi, expressed his anxiety, stating he hadn't heard from his family in two days and was relying on someone else for updates. The situation highlights the growing intersection of cyber warfare and real-world consequences for civilians.

The internet blackout is not the first instance of Iran limiting connectivity. In the past, similar restrictions were imposed during periods of political unrest, such as protests in 2019 and 2022. These shutdowns are implemented by pushing people towards domestic apps, which are often less secure, while also severely restricting access to vital information. Experts like Doug Madory from Kentik have documented significant drops in internet connectivity within Iran following recent Israeli airstrikes, with reductions of 54% initially, followed by further declines of 49% and, subsequently, a staggering 90%.

In a defensive maneuver against cyber threats, Iran is throttling its National Internet Infrastructure. The country claims it is restricting internet connectivity to counter cyber attacks amid regional conflict. The stated aim is to impede cyber intrusions and the synchronization of adversarial operations. An example of the threats Iran faces is demonstrated by the Israeli-linked hackers who seized and burned $90 million from Iran's Nobitex exchange.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • infosec.exchange: NEW: Iran's government has now admitted that it took down the internet in the country, arguing that it did to protect against Israeli cyberattacks. I spoke to two Iranians who live abroad and can't communicate with their loved ones back home because of the blackout.
  • WIRED: Iran is limiting internet connectivity for citizens amid Israeli airstrikes—pushing people towards domestic apps, which may not be secure, and limiting their ability to access vital information. —
  • Rescana: Iran National Internet Infrastructure Throttling: Cyber Defense Strategy to Prevent Attacks Amid Regional Conflict
  • Cyber Florida at USF: CIP Flash Bulletin | Heightened Iranian Cyber Threat Activity
  • www.scworld.com: DHS: Attacks on US critical infrastructure likely following Iran strikes
  • Arctic Wolf: Cybersecurity Risks Amid Rising Iran–U.S. Tensions
  • : Sysdig Threat Bulletin: Iranian Cyber Threats
  • Tidal Cyber Blog: Iran Cyber Threat Assessment and Defensive Guidance
  • arcticwolf.com: Cybersecurity risks amid rising Iran-U.S. tensions after US strikes.
  • Metacurity: DHS warns of likely Iranian cyberattacks following US missile strikes.
  • nsfocusglobal.com: The Hacktivist Cyber Attacks in the Iran-Israel Conflict
  • www.esecurityplanet.com: US Warns of Iranian Cyber Threats as Tensions Rise Over Middle East Conflict
  • Security Risk Advisors: Iran-Linked Cyber Fattah Leaks Saudi Games Athletes and Visitors Data
  • abcnews.go.com: Iranian-backed hackers at work after US strikes
  • news.sky.com: Businesses urged to strengthen cyber defences amid increase in Iran-adjacent attacks
  • Unit 42: Threat Brief: Escalation of Cyber Risk Related to Iran
  • Tenable Blog: Cybersecurity Snapshot: U.S. Gov’t Urges Adoption of Memory-Safe Languages and Warns About Iran Cyber Threat
Classification:
Eric Geller@cybersecuritydive.com //

China-Linked Groups Target Global Organizations Cyber Espionage

SentinelOne, a cybersecurity firm, has revealed that it was the target of a year-long reconnaissance campaign by China-linked espionage groups, identified as APT15 and UNC5174. This campaign, dubbed "PurpleHaze," involved network reconnaissance and intrusion attempts, ultimately aiming to gather strategic intelligence and potentially establish access for future conflicts. SentinelOne discovered the campaign when the suspected Chinese spies tried to break into the security vendor's own servers in October 2024. The attempted intrusion on SentinelOne's systems failed, but it prompted a deeper investigation into the broader campaign and the malware being used.

The investigation revealed that over 70 organizations across multiple sectors globally were targeted, including a South Asian government entity and a European media organization. The attacks spanned from July 2024 to March 2025 and involved the use of ShadowPad malware and post-exploitation espionage activity. These targeted sectors include manufacturing, government, finance, telecommunications, and research. The coordinated attacks are believed to be connected to Chinese government spying programs.

SentinelOne has expressed high confidence that the PurpleHaze and ShadowPad activity clusters can be attributed to China-nexus threat actors. This incident underscores the persistent threat that Chinese cyber espionage actors pose to global industries and public sector organizations. The attack on SentinelOne also highlights that cybersecurity vendors themselves are prime targets for these groups, given their deep visibility into client environments and ability to disrupt adversary operations. SentinelOne recommends that more proactive steps are taken to prevent future attacks.

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • The Register - Security: Chinese spy crew appears to be preparing for conflict by backdooring 75+ critical orgs
  • hackread.com: Chinese-Linked Hackers Targeted 70+ Global Organizations, SentinelLABS
  • www.scworld.com: FAILED ATTACK ON SENTINELONE REVEALS CAMPAIGN BY CHINA-LINKED GROUPS
  • The Hacker News: Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group
  • www.cybersecuritydive.com: SentinelOne rebuffs China-linked attack — and discovers global intrusions
  • SecureWorld News: Chinese Hackers Target SentinelOne in Broader Espionage Campaign
  • securityaffairs.com: China-linked threat actor targeted +70 orgs worldwide, SentinelOne warns
  • Cyber Security News: New Report Reveals Chinese Hackers Targeted to Breach SentinelOne Servers
  • www.sentinelone.com: The security firm said the operatives who tried to breach it turned out to be responsible for cyberattacks on dozens of critical infrastructure organizations worldwide.
  • BleepingComputer: SentinelOne shares new details on China-linked breach attempt
  • cyberpress.org: A newly published technical analysis by SentinelLABS has exposed a sophisticated, multi-phase reconnaissance and intrusion campaign orchestrated by Chinese-nexus threat actors, aimed explicitly at SentinelOne’s digital infrastructure between mid-2024 and early 2025.
  • gbhackers.com: New Report Reveals Chinese Hackers Attempted to Breach SentinelOne Servers
  • industrialcyber.co: SentinelOne links ShadowPad and PurpleHaze attacks to China-aligned threat actors
Classification:

Posts

Blogs

Research Tools