
Prince of Persia ran a covert Iranian spy campaign for over a decade

An Iran-backed hacking group known as Prince of Persia has quietly operated since 2007, for nearly two decades, targeting governments, critical infrastructure, and dissidents of the Iranian regime. New research by cybersecurity firm SafeBreach Labs shows that the group has been using increasingly sophisticated malware against victims worldwide and has remained active despite going several years without public detection.

Tomer Bar, VP of security research at SafeBreach, stated, “The scale of Prince of Persia’s activity is more significant than we originally anticipated,” and described multiple campaigns that rely on a large number of malware variants. The report highlights that the group is experimenting with widely used messaging platforms to manage infected machines and exfiltrate stolen data.

SafeBreach reported that newer variants of the group’s Tonnerre malware redirect their command-and-control communications to a Telegram channel controlled by an individual with the Persian username @ehsan8999100. The group’s reach extends beyond Iran, with documented targets in Europe, Iraq, Turkey, India, and Canada.

To read the complete article, see: Cybernews

This post is licensed under CC BY 4.0 by the author.