Tech
Iran war a melting pot for other cyber threats | Computer Weekly
State-backed cyber threat actors from the likes of Belarus, China and Pakistan are all ramping up their activity in the wake of the joint Israeli-US attack on Iran, even though their government paymasters are not directly involved in the war.
This is according to intelligence published by Proofpoint, which claims to have observed several such campaigns unfolding in the wild. It believes this wave of malicious activity reflects a mixture of threat actors opportunistically using the conflict to create lures in their routine operations, and intelligence collection directly related to Middle Eastern governments and their allies.
“These campaigns were conducted by both known groups and previously unobserved actors, with suspected attribution to China, Belarus, Pakistan and Hamas,” wrote Proofpoint’s research team.
“The campaigns heavily relied on aspects of the conflict as topical lure content to engage the targets and often used compromised accounts belonging to government organisations to send phishing emails,” they said.
In one such campaign, Belarussian threat actor TA473, or Winter Vivern, impersonated a European Council president spokesperson relaying a statement on the European Union’s (EU’s) position on human rights, regional security and Iran’s alleged weapons of mass destruction.
It was sent to government organisations in both Europe and the Middle East – the first time Winter Vivern has been seen targeting the Middle East – and contained an HTML file which, if opened, displayed a decoy image while conducting an HTTP request in the background. However, said Proofpoint, for now at least, this request is likely intended for target tracking purposes only, as it neither observed nor retrieved any next-stage payloads.
At the same time, the China-linked UNK_InnerAmbush actor ran a phishing exercise targeting diplomats and government officials in the region. Using a compromised email address, it used the death of Ayatollah Khamenei as a lure, purporting to share “secret on-site images” obtained via the US Department of Foreign Affairs – which should be a dead giveaway to anybody with knowledge of American politics, as US foreign affairs are handled by the State Department.
Images of strikes
Days later, UNK_InnerAmbush pivoted to images of Israel’s strikes on Iran’s fossil fuel infrastructure, which have induced a major ecological disaster – but in all instances, the images were actually disguised Microsoft Shortcut (LNK) files, hosted in a password-protected ZIP or RAR archive on Google Drive. If opened, they ran executables that decrypted Cobalt Strike command and control (C2) payloads and loaded them into memory.
Meanwhile, despite their government’s non-involvement, Pakistan-aligned threat actor UNK_RobotDreams has been targeting the offices of Middle Eastern government organisations in neighbouring India, impersonating India’s Ministry of External Affairs – which is at least the correct terminology – with phishing emails purporting to advise on the security impacts of the war.
These emails contained a blurred decoy PDF attachment and a fake Adobe Reader button which, if opened, redirected to a threat actor-controlled URL that used geofencing to serve a tainted executable to its intended targets. The executable functioned as a .NET loader that retrieved a Rust backdoor from the threat actor’s C2 host via PowerShell.
“While several of these groups incorporated the war-themed lure content in operations that are largely consistent with typical targeting remits, others demonstrated a shift toward intelligence collection against Middle Eastern government and diplomatic entities,” wrote Proofpoint’s research team.
“This likely reflects an effort to gather regional intelligence on the standing, trajectory and broader geopolitical implications of the conflict. This suggests the conflict is being used both as a topical social engineering pretext and a driver of collection priorities for a range of state-aligned threat actors.”
Iran’s state APTs stirring
In contrast to the opening days of the war, during which they appeared to be lying low, leaving the virtual battlefield largely to hacktivists, Iran’s own network of state-linked threat actors is now beginning to make itself known.
Proofpoint said it had now observed TA453, or Charming Kitten, conducting phishing exercises against a US-based think tank, with its lures themed around a roundtable on air defence capabilities – although strictly speaking, this activity began before the outbreak of war.
Other Iranian threat actors, notably the Ministry of Intelligence and Security (MoIS)-linked Seedworm (aka MuddyWater, Static Kitten), have been targeting US airports, banks, non-profits and tech companies, according to intelligence from Cisco Talos.
While, as with Charming Kitten, much of this activity began in February, Cisco Talos noted the use of a previously unknown custom backdoor, dubbed Dindoor, which uses Deno – an open source JavaScript runtime – to execute.
Dindoor was first highlighted by Symantec and Carbon Black last week, and was linked to Seedworm by the use of certificates issued to aliases linked to other Seedworm malware.
Brigid O’Gorman, senior intelligence analyst at the Symantec and Carbon Black Threat Hunter team, told our sister title, Cybersecurity Dive, that while this particular Seedworm campaign began before the current conflict, it puts the gang in a “potentially dangerous” position to be able to launch further attacks.
Almost half of UK businesses hit by cyber attacks | Computer Weekly
The general cyber security threat to UK organisations remains “widespread and significant” with 43% of businesses, 28% of charities and 69% of large firms having suffered either a data breach or cyber attack in the past year, and 29% of respondents saying they were experiencing incidents at least once every week.
This is according to the UK government’s latest Cyber Security Breaches Survey for 2025-26, which comes at the tail-end of a 12-month period that saw a series of high-profile incidents targeting the likes of Marks & Spencer, Co-op Group, and Jaguar Land Rover, as well as amid elevated concern over the impact of offensive artificial intelligence (AI) – which was the subject of a warning from government ministers earlier in April.
“These figures are a stark reminder of the importance of having robust cyber security measures. All business leaders should be gripping this issue and taking action now, especially as AI is making the threat more acute. Quite simply, firms cannot afford not to take these steps,” said cyber security minister Liz Lloyd.
Lloyd has today written to the CEOs and chairs of over 180 of Britain’s largest businesses to urge as many as possible to sign on to the government’s Cyber Resilience Pledge, which was announced at the National Cyber Security Centre’s (NCSC’s) annual CyberUK conference in April and is set to launch later in the year.
Organisations signing up to the Cyber Resilience Pledge will have to take three firm actions to improve their security:
- Make cyber security a board-level responsibility;
- Sign on to the NCSC’s Early Warning service, which is free;
- Obtain the NCSC’s Cyber Essentials certifications across their supply chains.
Lloyd said that doing so would help businesses significantly strengthen their defences and keep themselves, their customers, and the wider economy, safe. “Businesses are not powerless,” she said.
An improving picture?
While the headline statistics give Westminster good reason to keep banging the drum for cyber security, digging deeper, the data show evidence of an improving picture in some regards. The percentage of businesses affected by cyber incidents was roughly in line with the 2024-25 survey period, and down from a high of 50% in 2023-24.
Ransomware attacks against businesses also seem to have dropped a little, with 1% of respondents saying they had been affected by ransomware, down from 3% a year ago, while the prevalence of phishing attacks – although not significantly down on 2024-25 – is way down on 2023-24, affecting 38% this year compared to 42% 24 months ago. And impersonation breaches or attacks affected 12% in 2025-26, down from 17% in 2023-24. Charities – which the government accounts for separately in the report – have also seen significant drops in impersonation attacks or breaches.
This said, phishing attack volumes remain high and are still the most prevalent form of cyber incident, experienced by 38% of businesses and 25% of charities, as well as the most disruptive. Those who took part in qualitative interviews for the report tended to agree that phishing attacks had gotten easier to commit, and were becoming more sophisticated, which was contributing to the increase.
The number of businesses reporting that cyber attacks or breaches led to loss of revenues – or impact to share values – has risen from 2% last year to 5% this year, while the number reporting they experienced reputational damage is also up, from 1% last year to 3% now.
The M&S effect
Picking apart its data, the government said that recent high-profile incidents – like the M&S attack – did not seem to be feeding through in terms of causing a wider shift in resilience. It said that while one might have expected such incidents to spur an increase in vigilance, prioritisation and action on cyber issues have not moved substantially, and long-standing issues such as the resilience gap between large firms and SMEs persist.
Indeed, SME cyber hygiene has been declining on a number of measures after improving in the previous report – the number undertaking risk assessments or putting cyber risk policies or business continuity plans in place seems to be dropping.
TrendAI cyber strategy director, Jonathan Lee, said: “This highlights how awareness of cyber risks still hasn’t fully converted into mitigating action, with no overall reduction in the level of successful cyber attacks year on year.
“While boards report taking more responsibility for cyber risk, it’s worrying to see a year-on-year rise in the proportion of organisations that report seeing government advice and initiatives about cyber security but go on to do nothing in response. This isn’t just on UK businesses and charities. Government needs to do a better job with streamlining schemes, brands and channels to make for a single, coherent national voice on cyber literacy that’s accessible – not just geared towards CIOs,” said Lee.
Lee warned that the UK’s fast-digitising society is being built on “fragile foundations”, particularly with so many business leaders seemingly in awe of AI to the exclusion of the risks it poses.
“While that’s good news for the government’s stated aim of making the UK the fastest country in the G7 to roll out AI, it’s a clear risk as long as complacency about cyber risks is commonplace,” he noted.
Any List of the Best Gifts for Hikers Always Includes a Knife
After suggesting a wood-burning stove, and a mini bellows, you should have seen this coming. What you need to complete the full-fire package is Cooking on Fire, a gorgeous book of recipes and techniques for cooking over an open flame. Cooking on Fire has a good mix of recipes, ranging from simple and delicious veggies to slow-cooked meats that require hours. There’s also plenty of background on different types of fires and cooking techniques, as well as all the equipment you might want to cook various things (for example: spits, forked sticks, cast iron pans, and so on). It’s everything you—er, sorry, your outdoorsy friend—need to get started cooking on fire.
What I really want to try is the fire inside a log technique pictured on the cover, but I haven’t gotten around to that yet. So far I’ve only had a chance to make the grilled pork belly, with grilled carrots and “Krabbelurer” griddle cakes for dessert. All of them were excellent, though of course, perhaps that universal rule applies more so here than with any other form of cooking: Your results may vary. In the end, though, this isn’t really a gift about cooking. It’s a gift to remind us all to slow down and take our time, with food and everything else.
EE evolves 5G strategy after major usage surge | Computer Weekly
Having hit the accelerator on deploying 5G standalone (5G SA) services towards the end of 2025, the UK’s leading operator EE has revealed that it has expanded 5G+ to more than 50 million people across some 61 towns and cities in the UK, after embarking on increases in capacity and performance as 5G+ customer usage accelerates.
EE first introduced its 5G SA network in September 2024, launching in 15 cities across the UK, including Bath, Belfast, Birmingham, Bradford, Bristol, Cardiff, Edinburgh, Glasgow, Hull, Leeds, Leicester, Liverpool, London, Manchester and Sheffield.
At launch, EE said its 5G SA network had been built to deliver up to 100 times more capacity than 4G connectivity, making it significantly better at handling demands from lots of devices at once.
The operator said the upgraded network would offer a smoother, more reliable and more secure mobile connection built for better live streaming, video calling and mobile gaming. In addition, it was credited with supporting enhanced voice calls in more places, with faster setup times that reduce the delay between dialling a number and the phone starting to ring via voice over 5G (Vo5G) standalone.
Some of the most recent towns and cities gaining free 5G+ connectivity from EE include Aberystwyth, Antrim, Bangor, Barnsley, Cheltenham, Chichester, Cirencester, Dorchester, Erskine, Melton Mowbray, Merthyr Tydfil, Newbury, Preston, Salford and St Austell.
The operator said that it has now exceeded its original target to reach 41 million people with 5G+ by spring 2026.
“This milestone shows the pace at which we’re building the UK’s most advanced mobile network,” said Greg McCall, chief security and networks officer at BT Group. “By expanding EE’s 5G+ coverage to millions more people and being the first in the world to launch new network technologies, we’re giving our customers more reliable and resilient connectivity in the places where it matters most.”
The operator added that the expansion of its 5G+ network has resulted in a 54% increase in monthly customer usage. To ensure customers receive an optimal day-to-day experience on 5G+, EE has reallocated its 2.1GHz (2100MHz) spectrum across more than 4,000 mobile sites to deliver greater network capacity, stronger indoor coverage and improved upload speeds for 5G+ customers. This is seen as being particularly beneficial in built-up areas where demand is highest. EE plans to upgrade 5,000 more mobile sites in this way in the next few months.
EE also claimed that its 5G+ customers are enjoying considerably faster download speeds after it established the UK’s first network to launch five carrier aggregation on its 5G+ enabled mobile sites. This is designed to allow compatible 5G+ smartphones and devices to combine the power of five spectrum bands at once. The company said this has resulted in 10% faster download speeds on average and improved performance when streaming video.
As it was announcing its 5G+ expansion, EE revealed further progress on the roll-out of Advanced RAN Coordination (ARC) technology to enable mobile sites close to each other to dynamically share capacity in real time. EE stated that it is the first network operator in the world – and the only one in the UK – to deploy ARC technology, saying it has instantly boosted network performance by 20% without the need for additional masts.
ARC technology is seen as particularly beneficial in business use cases in busy locations such as train stations, high streets and city centres. Following the launch of the technology in Manchester and Edinburgh in 2025, ARC is now also live on EE’s 5G+ network in London. By the end of May 2026, it will be available in more of the UK’s busiest cities including Belfast, Cardiff, Glasgow, Leeds, Liverpool, Newcastle and Sheffield.
