{
  "Event": {
    "analysis": "1",
    "date": "2026-03-02",
    "extends_uuid": "",
    "info": "[Threat Intel] Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran",
    "protected": false,
    "publish_timestamp": "1772824047",
    "published": true,
    "threat_level_id": "3",
    "timestamp": "1772824047",
    "uuid": "9c6bc963-4d6f-45e9-a87e-6dcc3a0bafd8",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#0afe32",
        "local": false,
        "name": "misp-galaxy:producer=\"Palo Alto\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"from-OTX\"",
        "relationship_type": ""
      },
      {
        "colour": "#7773ac",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"External Remote Services - T1133\"",
        "relationship_type": ""
      },
      {
        "colour": "#77a4ec",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Email Collection - T1114\"",
        "relationship_type": ""
      },
      {
        "colour": "#870443",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Spearphishing Link - T1192\"",
        "relationship_type": ""
      },
      {
        "colour": "#9feaf0",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exploit Public-Facing Application - T1190\"",
        "relationship_type": ""
      },
      {
        "colour": "#65d24c",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Identity Information - T1589\"",
        "relationship_type": ""
      },
      {
        "colour": "#454726",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Infrastructure - T1584\"",
        "relationship_type": ""
      },
      {
        "colour": "#b206a3",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Compromise Accounts - T1586\"",
        "relationship_type": ""
      },
      {
        "colour": "#3780c6",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"User Execution - T1204\"",
        "relationship_type": ""
      },
      {
        "colour": "#4b76ad",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Org Information - T1591\"",
        "relationship_type": ""
      },
      {
        "colour": "#2da3e8",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Gather Victim Network Information - T1590\"",
        "relationship_type": ""
      },
      {
        "colour": "#00f752",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Alternative Protocol - T1048\"",
        "relationship_type": ""
      },
      {
        "colour": "#1b95cd",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Phishing - T1566\"",
        "relationship_type": ""
      },
      {
        "colour": "#36d931",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Encrypted for Impact - T1486\"",
        "relationship_type": ""
      },
      {
        "colour": "#afd4c9",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Endpoint Denial of Service - T1499\"",
        "relationship_type": ""
      },
      {
        "colour": "#6440db",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Establish Accounts - T1585\"",
        "relationship_type": ""
      },
      {
        "colour": "#251b6b",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Obtain Capabilities - T1588\"",
        "relationship_type": ""
      },
      {
        "colour": "#a05856",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Data Destruction - T1485\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Drive-by Compromise - T1189\"",
        "relationship_type": ""
      },
      {
        "colour": "#37ffb5",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Network Denial of Service - T1498\"",
        "relationship_type": ""
      },
      {
        "colour": "#cf2da1",
        "local": false,
        "name": "misp-galaxy:mitre-attack-pattern=\"Develop Capabilities - T1587\"",
        "relationship_type": ""
      },
      {
        "colour": "#26fab6",
        "local": false,
        "name": "misp-galaxy:target-information=\"Israel\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"iran\"",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#130049",
        "local": false,
        "name": "rectifyq:sub-category=\"campaign-analysis\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#ffd12e",
        "local": false,
        "name": "rectifyq:target=\"broad-based\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"MalwareBazaar\"",
        "relationship_type": ""
      },
      {
        "colour": "#626567",
        "local": false,
        "name": "rectifyq:no-samples-in=\"Tria.ge\"",
        "relationship_type": ""
      },
      {
        "colour": "#3800d9",
        "local": false,
        "name": "rectifyq:action-taken=\"VT-comment\"",
        "relationship_type": ""
      },
      {
        "colour": "#3d00e9",
        "local": false,
        "name": "rectifyq:action-taken=\"telegram\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593219",
        "to_ids": false,
        "type": "link",
        "uuid": "36e12a7c-6ee8-495a-b13e-ab9833f0b735",
        "value": "https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/"
      },
      {
        "category": "Other",
        "comment": "Description",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593219",
        "to_ids": false,
        "type": "text",
        "uuid": "b597718e-39ba-4ae4-8ec7-d4a4d1b342af",
        "value": "A significant joint offensive by the US and Israel has triggered a multi-vector retaliatory campaign from Iran, leading to an escalation in cyberattacks. Iran's limited internet connectivity is likely hindering state-aligned threat actors' ability to coordinate sophisticated attacks. Hacktivist groups are targeting perceived adversaries, while other nation-state actors may exploit the situation. Observed activities include phishing campaigns, DDoS attacks, data exfiltration, and wiper attacks. Multiple Iranian state-aligned personas and collectives have claimed responsibility for various disruptive operations. Pro-Russian hacktivist groups have also been active, targeting Israeli systems and infrastructure. The situation remains fluid, and organizations are advised to implement multi-layered defenses and focus on foundational security hygiene."
      },
      {
        "category": "Other",
        "comment": "Summary",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772593219",
        "to_ids": false,
        "type": "text",
        "uuid": "872efa28-40c5-4491-b397-3d69af43c5d8",
        "value": "Name: Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran\nAuthor: AlienVault\nAdversary: \nTags: [\"hacktivism\", \"ddos\", \"state-sponsored\", \"iran\", \"redalert\", \"phishing\", \"espionage\", \"critical infrastructure\", \"ransomware\", \"supply chain\", \"geopolitical conflict\"]\nTgtd countries: [\"Israel\"]\nMlwr families: [\"RedAlert\"]\nAttack_ids: [\"T1133\", \"T1114\", \"T1192\", \"T1190\", \"T1589\", \"T1584\", \"T1586\", \"T1204\", \"T1591\", \"T1590\", \"T1048\", \"T1566\", \"T1486\", \"T1499\", \"T1585\", \"T1588\", \"T1485\", \"T1189\", \"T1498\", \"T1587\"]\nIndustries: [\"Defense\", \"Energy\", \"Finance\", \"Government\", \"Healthcare\", \"Technology\", \"Telecommunications\", \"Transportation\"]"
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809754",
        "to_ids": true,
        "type": "url",
        "uuid": "0ec5863b-3809-4ad4-b293-b5f11304cb9c",
        "value": "http://www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809776",
        "to_ids": true,
        "type": "hostname",
        "uuid": "0e80d7dd-a526-4437-aa02-b44cd5eef393",
        "value": "api.ra-backup.com",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809801",
        "to_ids": true,
        "type": "url",
        "uuid": "b1d18505-77a5-4d75-ab12-d72923438894",
        "value": "https://api.ra-backup.com/analytics/submit.php",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809823",
        "to_ids": true,
        "type": "url",
        "uuid": "be2d5f93-899f-4fca-977b-54f48f150dd1",
        "value": "https://bit.ly/4tWJhQh",
        "Tag": [
          {
            "colour": "#2c2142",
            "local": false,
            "name": "false-positive:risk=\"high\"",
            "relationship_type": ""
          },
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      },
      {
        "category": "Network activity",
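        "comment": "Shortened bit.ly link; the destination it resolves to is not recorded in this event. Tagged false-positive:risk=\"high\", so match the full URL only and do not extend detection to the bit.ly domain.",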
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1772809845",
        "to_ids": true,
        "type": "url",
        "uuid": "c68cccbd-5583-4b05-a952-765ab08d6fd9",
        "value": "https://www.shirideitch.com/wp-content/uploads/2022/06/RedAlert.apk",
        "Tag": [
          {
            "colour": "#342294",
            "local": false,
            "name": "CommentAdded",
            "relationship_type": ""
          }
        ]
      }
    ]
  }
}