Iran-linked Hackers Target US, Israel, and UAE in Cyber Espionage Campaign
Iran-linked hackers targeted US, Israel and UAE, Palo Alto Networks says
Image: Jpost
A cyber espionage group linked to Iran, known as Screening Serpens, has conducted targeted attacks against entities in the US, Israel, and the UAE from mid-February to April 2026. The group's activities coincided with regional conflicts and involved sophisticated malware techniques, including AppDomainManager hijacking, to exploit vulnerabilities in targeted organizations.
- 01Screening Serpens has been active since at least 2022 and has shown increased technical capabilities.
- 02The group used six new remote access Trojan (RAT) variants, categorized into two malware families: MiniUpdate and MiniJunk V2.
- 03The attacks were timed with the regional conflict that began on February 28, 2026, and Operation Roaring Lion.
- 04Social engineering tactics included fake job offers and impersonation of trusted brands to lure technology professionals.
- 05Unit 42 warns that Screening Serpens is likely to continue its cyber campaigns, urging organizations to bolster their defenses.
Advertisement
In-Article Ad
A report by Palo Alto Networks' Unit 42 reveals that an Iran-linked cyber espionage group, Screening Serpens, has targeted entities in the United States, Israel, and the United Arab Emirates during a campaign from mid-February to April 2026. This timing coincided with escalating regional tensions and Operation Roaring Lion. The group, also known by aliases like UNC1549 and Smoke Sandstorm, is described as an advanced persistent threat (APT) aligned with Iranian intelligence objectives. The report identifies six new remote access Trojan (RAT) variants developed during this period, organized into two families: MiniUpdate and MiniJunk V2. Notably, the group employed AppDomainManager hijacking, a technique that compromises .NET applications' security. Screening Serpens primarily targets technology professionals through tailored social engineering tactics, including fake job offers that impersonate trusted brands. Despite their sophisticated methods, no breaches of the impersonated organizations' infrastructure were found. Unit 42 warns that Screening Serpens shows no signs of slowing down, indicating a need for organizations to strengthen their cybersecurity defenses against future attacks.
Advertisement
In-Article Ad
Organizations in the targeted sectors, particularly in the US, Israel, and UAE, may face increased risks of cyberattacks, requiring enhanced cybersecurity measures.
Advertisement
In-Article Ad
Reader Poll
How concerned are you about cyber threats from foreign entities?
Connecting to poll...
More about Palo Alto Networks
Análisis de crecimiento y expansión de Palo Alto Networks en el mercado de ciberseguridad
Investing • May 24, 2026
Iranian Hackers Target Aviation and Oil Industries with Fake Job Offers
Moneycontrol • May 23, 2026
Iranian Hackers Target US Aviation Engineers with Fake Job Scams Amid Ongoing Conflict
Times Now News • May 23, 2026
Read the original article
Visit the source for the complete story.