CP
cyberpings
Threat IntelHIGH

Iranian APT Prince of Persia Evolves with New Malware Tactics

CWCyberWire DailyFeb 21, 2026
IranAPTPrince of PersiamalwareSafeBreach
🎯

Basically, a group of hackers linked to Iran has updated their methods and tools for cyber attacks.

Quick Summary

A new study reveals that the Iranian APT group, Prince of Persia, is still active and evolving. They’ve updated their malware and tactics, posing risks to online security. Cybersecurity experts are monitoring these developments closely to help protect users and organizations.

What Happened

Cybersecurity experts have recently uncovered that the Iranian nation-state APT? group known as Prince of Persia is still active and evolving. This revelation comes from a detailed study led by Tomer Bar at SafeBreach Labs. Contrary to earlier beliefs that the group had gone dark after 2022, researchers found that they have actually adapt?ed their strategies and tools.

The investigation highlights the emergence of new variants of Foudre and Tonnerre malware, which are key tools used by this group. Additionally, the research indicates that the group has expanded its campaign scale and maintains active command-and-control (C2) infrastructure, expected to persist through late 2025. A notable shift in their operations has been the use of Telegram for command-and-control, which enhances their ability to communicate and coordinate attacks.

Why Should You Care

You might think that state-sponsored hacking is a distant issue, but it directly impacts your digital life. If you use online services or apps, the tactics employed by groups like Prince of Persia could eventually affect you. Imagine if a hacker group could manipulate your favorite app or even your bank's online services — that’s the kind of threat we’re talking about.

The key takeaway is that nation-state actors are continuously refining their tactics, making it essential for everyone to stay informed about the evolving cyber threat landscape. This isn’t just a problem for governments; it’s a problem for all internet users. As these groups become more sophisticated, your personal data and online security are at greater risk.

What's Being Done

The cybersecurity community is actively monitoring the activities of the Prince of Persia group. SafeBreach Labs has provided critical insights into their operations, which can help organizations bolster their defenses. Here’s what you can do right now:

  • Stay updated on the latest cybersecurity news and threats.
  • Ensure your software and systems are regularly updated to protect against known vulnerabilities.
  • Use strong, unique passwords and consider multi-factor authentication for added security.

Experts are closely watching for further developments in the group’s tactics and any new malware variants that may emerge. The ongoing research will help shape defensive strategies against these evolving threats.

💡 Tap dotted terms for explanations

🔒 Pro insight: The shift to Telegram for C2 indicates an adaptation to evade traditional detection methods, raising the stakes for threat intelligence.

Original article from

CyberWire Daily

Read Full Article

Share

Related Pings

HIGHThreat Intel

Alignment: The Key to Cybersecurity Success

Organizations are prioritizing alignment in cybersecurity to enhance their defenses. This affects everyone, as misalignment can leave your data exposed. Companies are now investing in training and collaboration to strengthen their security posture. Stay informed about how these changes impact your safety online.

Anthropic Research·Today, 3:38 AM
HIGHThreat Intel

FBI Probes Suspicious Cyber Activity on Surveillance Systems

The FBI is looking into suspicious cyber activity affecting sensitive surveillance systems. This could impact privacy and data security. Stay informed and review your own security practices.

SecurityWeek·Today, 1:01 AM
MEDIUMThreat Intel

AI-Powered Cyber Defense: Trump's New Strategy Unveiled

The Trump administration has announced a new cybersecurity strategy focusing on AI for defense. While promising, it lacks crucial details. This could affect your online security, so stay informed about developments.

Cybersecurity Dive·Yesterday, 10:36 PM
HIGHThreat Intel

Iran's MuddyWater Breaches Multiple U.S. Organizations

Iran's MuddyWater hacking group has breached multiple U.S. organizations, raising significant security alarms. These attacks could compromise sensitive information and disrupt essential services. The FBI is investigating, and Cisco has issued critical patches to address vulnerabilities.

CyberWire Daily·Yesterday, 9:30 PM
HIGHThreat Intel

MuddyWater APT Hits U.S. Organizations with Dindoor Malware

MuddyWater, an Iranian hacker group, is targeting U.S. organizations with new Dindoor malware. Banks, airports, and nonprofits are at risk of data breaches and disruptions. Cybersecurity teams are responding with updates and monitoring measures to protect sensitive information.

Security Affairs·Yesterday, 8:05 PM
HIGHThreat Intel

North Korean Threat Groups Exploit AI for Fake Worker Schemes

North Korean hackers are using AI to create fake job applicants. This tactic poses serious risks to companies and their sensitive data. Microsoft warns organizations to enhance their recruitment processes to combat this growing threat.

CyberScoop·Yesterday, 7:16 PM