Iranian Nation-State APT Targeting Networks and Critical Infrastructure Organizations
- Dec 18, 2025

SafeBreach analysts identified this renewed activity after a three-year dormant period, noting the group’s transition to more resilient operational security practices.
Their research highlighted the group’s use of distinct malware families, Foudre and Tonnerre, which now feature advanced capabilities for persistence and data theft.
The investigation also linked the operation to a specific persona, “Ehsan,” suggesting centralized, human-operated management of the campaign’s infrastructure.