"A study by Augur Security, which uses AI and behavioral modeling to provide early identification and mapping of malicious infrastructure, demonstrates that numerous government-linked groups (either with MOIS or one of the Islamic Revolutionary Guard Corps - IRGC - cyber units) showed increased infrastructure activity in the six months prior to Epic Fury."
"Augur's analysis describes Iranian actors' typical multi-tier infrastructure designed to obscure origin. It starts from Sefroyek Pardaz Engineering, an Iranian ISP and hosting company based in Tehran. The second tier involves bulletproof hosting providers, such as Moldovan ALEXHOST and Wyoming-based shell company RouterHosting LLC, historically associated with infrastructure linked to Iranian threat actors."
"A third tier involves further shell companies. Such as Cloudblast, registered in the US but operating from Dubai and routing through a Netherlands-based upstream provider, further complicating investigation and enforcement with an additional jurisdiction layer. A second example, UltaHost has dual registration - UltaHost Inc in the US and ULTAHOST Ltd in the UK."
Iranian cyber activity escalated immediately following US/Israel military strikes in late February 2026, targeting America, Israel, and allied Gulf states. Analysis by Augur Security reveals that MOIS and IRGC-linked cyber groups showed increased infrastructure preparation months before the attacks commenced. Iranian threat actors employ sophisticated multi-tier infrastructure to obscure their origins, utilizing Iranian ISPs, bulletproof hosting providers in Moldova and Wyoming, and shell companies registered across multiple jurisdictions including the US, UK, and Dubai. This complex infrastructure network complicates investigation and enforcement efforts. Approximately 60 Iran-linked hacktivist groups currently operate, with evidence suggesting coordinated preparation rather than reactive response to military escalation.
#iranian-cyber-operations #apt-infrastructure #geopolitical-cyberattacks #threat-actor-preparation #multi-tier-hosting-networks
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]