Svoboda Cybersecurity Brief December 22, 2025
Iranian Infy APT Group Resurfaces with Updated Malware
After nearly five years of inactivity, the Iranian threat actor Infy (Prince of Persia) has resumed operations with updated versions of its malware Foudre (v34) and Tonnerre (v12-18, 50). The group targets victims in Iran, Iraq, Turkey, India, Canada, and Europe via phishing emails, now embedding executables in Excel files instead of macros. Notably, the malware uses RSA signature validation for C2 authentication and leverages Telegram for command execution.
Source: The Hacker News
Charming Kitten APT Linked to Moses Staff Ransomware Operations
Analysis of Charming Kitten (APT35) leaks reveals the group operates like a government department, managing both espionage and ransomware operations under the Moses Staff persona. The group shares tooling, targets, and financial systems between its propaganda and cyber-espionage divisions.
Source: The Hacker News