{ "id": "348500dc-1c55-4b77-88b3-85732e269c92", "created_at": "2026-04-06T00:18:59.244828Z", "updated_at": "2026-04-10T03:30:30.231454Z", "deleted_at": null, "sha1_hash": "e05e32e6a572ef6ac03cfd3b68c436bbca0ee46b", "title": "Iranian Hackers Launch a New US-Targeted Campaign as Tensions Mount", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2278439, "plain_text": "Iranian Hackers Launch a New US-Targeted Campaign as\r\nTensions Mount\r\nBy Andy Greenberg\r\nPublished: 2019-06-20 · Archived: 2026-04-05 13:47:57 UTC\r\nThree cybersecurity firms have identified phishing attacks stemming from Iran—that may lay the groundwork for\r\nsomething more destructive.\r\nIran's Revolutionary Guard Corps.Atta Kenare/AFP/Getty Images\r\nAll products featured on WIRED are independently selected by our editors. However, we may receive\r\ncompensation from retailers and/or from purchases of products through these links. Learn more.\r\nWhen two countries begin to threaten war in 2019, it's a safe bet that they've already been hacking each other's\r\nnetworks. Right on schedule, three different cybersecurity firms now say they've watched Iran's hackers try to gain\r\naccess to a wide array of US organizations over the past few weeks, just as military tensions between the two\r\ncountries rise to a breaking point—though it's not yet clear whether those hacker intrusions are aimed at\r\nintelligence gathering, laying the groundwork for a more disruptive cyberattack, or both.\r\nYou’ve read your last free article.\r\nhttps://www.wired.com/story/iran-hackers-us-phishing-tensions/\r\nPage 1 of 3\n\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters—cancel anytime.\r\nSTART FREE TRIAL\r\nAlready a subscriber? Sign In\r\nThe intersection of technology, power, and culture. Start your free trial and get access to 5 all-new premium\r\nnewsletters START FREE TRIAL\r\nhttps://www.wired.com/story/iran-hackers-us-phishing-tensions/\r\nPage 2 of 3\n\nAndy Greenberg is a senior writer for WIRED covering hacking, cybersecurity, and surveillance. He’s the author\r\nof the books Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency and Sandworm: A New\r\nEra of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers. His books ... Read More\r\nDon't Just Keep Up. Get Ahead\r\nSign up for the Daily newsletter to get our biggest stories, handpicked for you each day.\r\nSource: https://www.wired.com/story/iran-hackers-us-phishing-tensions/\r\nhttps://www.wired.com/story/iran-hackers-us-phishing-tensions/\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "MITRE" ], "references": [ "https://www.wired.com/story/iran-hackers-us-phishing-tensions/" ], "report_names": [ "iran-hackers-us-phishing-tensions" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null }, { "id": "8941e146-3e7f-4b4e-9b66-c2da052ee6df", "created_at": "2023-01-06T13:46:38.402513Z", "updated_at": "2026-04-10T02:00:02.959797Z", "deleted_at": null, "main_name": "Sandworm", "aliases": [ "IRIDIUM", "Blue Echidna", "VOODOO BEAR", "FROZENBARENTS", "UAC-0113", "Seashell Blizzard", "UAC-0082", "APT44", "Quedagh", "TEMP.Noble", "IRON VIKING", "G0034", "ELECTRUM", "TeleBots" ], "source_name": "MISPGALAXY:Sandworm", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "7bd810cb-d674-4763-86eb-2cc182d24ea0", "created_at": "2022-10-25T16:07:24.1537Z", "updated_at": "2026-04-10T02:00:04.883793Z", "deleted_at": null, "main_name": "Sandworm Team", "aliases": [ "APT 44", "ATK 14", "BE2", "Blue Echidna", "CTG-7263", "FROZENBARENTS", "G0034", "Grey Tornado", "IRIDIUM", "Iron Viking", "Quedagh", "Razing Ursa", "Sandworm", "Sandworm Team", "Seashell Blizzard", "TEMP.Noble", "UAC-0082", "UAC-0113", "UAC-0125", "UAC-0133", "Voodoo Bear" ], "source_name": "ETDA:Sandworm Team", "tools": [ "AWFULSHRED", "ArguePatch", "BIASBOAT", "Black Energy", "BlackEnergy", "CaddyWiper", "Colibri Loader", "Cyclops Blink", "CyclopsBlink", "DCRat", "DarkCrystal RAT", "Fobushell", "GOSSIPFLOW", "Gcat", "IcyWell", "Industroyer2", "JaguarBlade", "JuicyPotato", "Kapeka", "KillDisk.NCX", "LOADGRIP", "LOLBAS", "LOLBins", "Living off the Land", "ORCSHRED", "P.A.S.", "PassKillDisk", "Pitvotnacci", "PsList", "QUEUESEED", "RansomBoggs", "RottenPotato", "SOLOSHRED", "SwiftSlicer", "VPNFilter", "Warzone", "Warzone RAT", "Weevly" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434739, "ts_updated_at": 1775791830, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e05e32e6a572ef6ac03cfd3b68c436bbca0ee46b.pdf", "text": "https://archive.orkl.eu/e05e32e6a572ef6ac03cfd3b68c436bbca0ee46b.txt", "img": "https://archive.orkl.eu/e05e32e6a572ef6ac03cfd3b68c436bbca0ee46b.jpg" } }