The Federal Bureau of Investigation (FBI), U.S. Cyber Command – Cyber National Mission Force (CNMF), the Department of the Treasury (Treasury), and the United Kingdom’s National Cyber Security Centre (NCSC) are disseminating this joint Cybersecurity Advisory (CSA) to highlight continued malicious cyber activity by cyber actors working on behalf of the Iranian Government’s Islamic Revolutionary Guard Corps (IRGC ).
This IRGC cyber activity is targeted against individuals with a nexus to Iranian and Middle Eastern affairs; such as current or former senior government officials, senior think tank personnel, journalists, activists, and lobbyists. Additionally, FBI has observed these actors targeting persons associated with US political campaign activity, likely in support of information operations. The authoring agencies believe the group and the cyber techniques remain an ongoing threat to various sectors worldwide, including but not limited to entities in their respective countries.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Leaks show Intellexa burning zero-days to keep Predator spyware running
December 5, 2025
Intellexa is a well-known commercial spyware vendor, servicing governments and large corporations. Its main product is the Predator spyware. An investigation by several independent parties describes Intellexa as one of the most notorious mercenary spyware vendors, still operating its Predator platform and hitting new targets even after being placed on US sanctions lists and being under ...
- CVE-2025-55182 React vulnerability could soon be exploited – so patch now
December 5, 2025
eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this week, the React team published a new security advisory detailing a pre-authentication bug in multiple versions ...
- Cloudflare says service restored after outage that brought down sites including Zoom and LinkedIn
December 5, 2025
Internet infrastructure company Cloudflare on Friday said it had restored services following an outage that took place in the morning and brought down several global websites including LinkedIn, Zoom and others, the second such crash to affect the company in less than three weeks. Cloudflare said the issue had been resolved and was not due to ...
- Sanctioned spyware maker Intellexa had direct access to government espionage victims, researchers say
December 4, 2025
Spyware maker Intellexa had remote access to some of its government customers’ surveillance systems, giving company staffers the ability to see the personal data of people whose phones had been hacked with its Predator spyware, according to new evidence published by Amnesty International. On Thursday, Amnesty and a coalition of media partners, including Israeli newspaper Haaretz, ...
- International takedown of cryptocurrency fraud network laundering over EUR 700 million
December 4, 2025
The final actions in a sweeping international operation have successfully dismantled a large-scale cryptocurrency fraud and money laundering network that had laundered over EUR 700 million. Coordinated across multiple jurisdictions, these actions, carried out last month and earlier this week, mark the culmination of years of investigation and the effective disruption of a criminal operation ...
- Freedom Mobile Confirms Customer Data Breach
December 4, 2025
Canadian telecommunications provider Freedom Mobile suffered a supply-chain attack recently, in which it lost sensitive data on a yet undisclosed number of customers. In a data breach notification letter posted on its website earlier this week, Freedom said hackers broke into an account of a subcontractor, through which they accessed personal information “of a limited number” ...