ALL POSTS
Lockheed Martin's 375TB Data Breach: Massive Trove Listed on Dark Web Market for $600M
Key Findings
* A dark web marketplace called Threat Market is listing 375 terabytes of alleged Lockheed Martin data for $600 million, with an alternative $374 million price tag
* The data was allegedly provided by a group claiming to be "APT IRAN" starting March 26, 2026
* A separate Iran-linked group called Handala Hack Team claimed around the same time to have accessed personal data of Lockheed Martin engineers and employees
* No verification of the breach has been confirmed by Loc
Mar 31 · 2 min read
Iran-Linked Handala Hackers Escalate Cyber Attacks on Stryker and Verifone
Key Findings
* Iran-linked Handala Hack Team claims cyberattacks against Stryker Corporation and Verifone on March 11
* Stryker confirms a network disruption; Verifone denies any breach
* Handala claims to have wiped 200,000 systems and extracted 50 terabytes of data from Stryker
* The group alleges the attack was retaliation for a missile strike on an Iranian school
* Verification of claims is ongoing and independent confirmation is pending

Background
The Handala Hack Team,
Mar 11 · 2 min read
Cyber Espionage: Iran-Backed Hackers Target IP Cameras in Israel and Gulf States
Key Findings: Iran-linked hackers targeted IP cameras across Israel and several Gulf countries, including the UAE, Qatar, Bahrain, and Kuwait, as well as Lebanon and Cyprus. The goal appears to be reconnaissance and real-time monitoring to support intelligence gathering and potential military targeting. Threat actors targeted vulnerabilities in Hikvision and Dahua IP cameras, such as improper authentication, command injection, and remote code execution flaws. Scanning and exp
Mar 8 · 2 min read
Dindoor Malware Targets U.S. Networks in New MuddyWater Campaign
Key Findings
* Iran-linked MuddyWater (aka SeedWorm) APT group targeted U.S. organizations, including banks, airports, nonprofits, and a software supplier to the defense and aerospace sectors
* The group deployed a previously unknown backdoor called Dindoor, which leverages the Deno JavaScript runtime for execution
* An attempt was made to exfiltrate data from the targeted software company using the Rclone utility to a Wasabi cloud storage bucket
* A separate Python backdoor called F
Mar 6 · 2 min read
Cyber Campaign Targeting Human Rights NGOs and Activists Linked to Iran's RedKitten
Background The RedKitten cyber campaign is suspected to be linked to Iranian state interests and is targeting non-governmental organizations (NGOs) and individuals involved in documenting recent human rights abuses in Iran. The campaign was observed by the French cybersecurity company HarfangLab in January 2026, coinciding with the nationwide unrest in Iran that began towards the end of 2025. The unrest in Iran was sparked by soaring inflation, rising food prices, and currenc
Jan 31 · 3 min read
Iran Tests National 'Whitelists' Amid Protests and Blackouts
Key Findings Iran has imposed a nationwide internet blackout amid widespread protests, severely restricting global connectivity. However, a limited surge of traffic was detected from select Iranian academic institutions, suggesting potential "whitelisting" tests. The fluctuations in connectivity for these academic networks indicate a strategic assessment of restricting global access to a limited elite. Tehran accounted for the majority of the observed academic traffic, likely
Jan 10 · 2 min read
