Cybersecurity

Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East

57 sec read3 views0 listens

Summary

A cyber attack attributed to the Iranian threat group APT39 (also known as Charming Kitten) has resulted in significant damage to IT infrastructure, backups, and recovery systems across multiple organizations in the Middle East. The attackers used a malware called "FileFiend" to exfiltrate data and destroy critical files on compromised machines.

Key Points

Threat Actor: APT39 (Charming Kitten), an Iranian threat group.
Targeted Organizations: Multiple organizations across the Middle East, including those in Jordan, Lebanon, and Saudi Arabia.
Malware Used: "FileFiend," a custom-built malware that can exfiltrate data and destroy files on compromised machines.
Attack Vectors:
- Initial compromise through phishing emails or social engineering tactics.
- Use of proxychains for RDP access and download tunneling.
Impact:
- Destruction of IT infrastructure, backups, and recovery systems.
- Data exfiltration from compromised networks.

Technical Details

FileFiend: A custom malware that masquerades as a legitimate file exchange tool (Exchangedb.exe). It is designed to exfiltr

Read the full article at Cyber Security News

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

GitHub Hacks Highlights Need for Repository Security

A recent GitHub attack, codenamed Megalodon, saw over 5,000 malicious commits pushed to repositories within six hours, highlighting the need for enhanced security measures in software development environments. This underscores the vulnerability of co...

Ali Nemati

Cybersecurity7 hours ago25 sec read

InfoSec News Nuggets - June 1, 2026

A phishing campaign is targeting journalists and activists with fake Signal messages to steal their backup recovery keys, granting attackers access to encrypted message archives. This attack highlights the vulnerability of high-risk users who rely on...

Ali Nemati

Cybersecurity7 hours ago1m & 3 s read

Iranian Hackers Abuse AppDomainManager Hijacking to Evade EDR Detection

Summary A new report from Cybereason reveals that Iranian hackers have been exploiting a security vulnerability in Microsoft's AppDomainManager component to evade detection by Endpoint Detection and Response (EDR) systems. This tactic involves hijack...

Ali Nemati

Cybersecurity7 hours ago1m & 10 s read

SideCopy Hackers Deploy Persistent XenoRAT Malware to Target Afghanistan Finance Ministry

The article discusses a cyber attack carried out by the SideCopy hacking group, targeting the finance ministry of Afghanistan. The hackers used XenoRAT malware to gain persistent access and control over the targeted systems. Key points from the repor...

Ali Nemati

Cybersecurity9 hours ago29 sec read

The Gentlemen ransomware combines advanced encryption with self-propagation, targeting critical sectors

The Gentlemen ransomware, a new RaaS operation, employs advanced per-file ephemeral key encryption alongside aggressive self-propagation techniques to compromise entire enterprise networks. This is critical for cybersecurity professionals and develop...

Ali Nemati

Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East

Summary

Key Points

Technical Details

Related Articles

GitHub Hacks Highlights Need for Repository Security

InfoSec News Nuggets - June 1, 2026

Iranian Hackers Abuse AppDomainManager Hijacking to Evade EDR Detection

SideCopy Hackers Deploy Persistent XenoRAT Malware to Target Afghanistan Finance Ministry

The Gentlemen ransomware combines advanced encryption with self-propagation, targeting critical sectors