Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
Apple Hide My Email Flaw Exposed Real User Email Addresses
July 1, 2026
Critical Fluentd Vulnerabilities Allow Remote Code Execution
July 1, 2026
Weaponized Google Ads Install Malicious Claude Code to Hijack macOS
July 1, 2026
Home/Threats/Iranian Hackers Target US Organizations With Fake Event Invites
Threats

Iranian Hackers Target US Organizations With Fake Event Invites

Key Takeaways An Iranian advanced persistent threat (APT) group is targeting U.S. organizations with sophisticated phishing campaigns. The attacks leverage fake event invitations to trick victims...

Jennifer sherman
Jennifer sherman
April 30, 2026 2 Min Read
44 0

Key Takeaways

  • An Iranian advanced persistent threat (APT) group is targeting U.S. organizations with sophisticated phishing campaigns.
  • The attacks leverage fake event invitations to trick victims into either divulging credentials or installing remote monitoring and management (RMM) tools.
  • The use of legitimate RMM software like ScreenConnect, ITarian, and Datto RMM helps attackers maintain persistent, stealthy access to compromised networks.
  • The campaign employs adaptable phishing kits and meticulously crafted infrastructure to evade detection.

Iranian APT Group Deploys Sophisticated Phishing Attacks Against U.S. Entities

A persistent Iranian threat actor is orchestrating a large-scale phishing campaign, specifically targeting U.S. organizations through deceptive event invitations. The attackers utilize sophisticated phishing kits, allowing them to rapidly deploy new malicious sites and circumvent security defenses when existing infrastructure is identified and taken down by security vendors. Comprehensive details of this campaign are available in a report.

Table Of Content

  • Key Takeaways
  • Iranian APT Group Deploys Sophisticated Phishing Attacks Against U.S. Entities
  • Beyond Credential Theft: Establishing Persistent Footholds with RMM Tools

The attackers invest significantly in their infrastructure, designing phishing domains to meticulously imitate legitimate business websites. This high degree of verisimilitude serves to prolong the time until detection, granting the attackers extended access within a target’s network before any compromise is identified.

Beyond Credential Theft: Establishing Persistent Footholds with RMM Tools

The campaign’s true threat extends beyond mere credential harvesting. Following a successful phishing attempt, the attackers proceed to install legitimate remote monitoring and management (RMM) software, including ScreenConnect, ITarian, and Datto RMM, onto victim machines. This tactic enables them to establish a persistent and covert presence within the corporate environment.

The strategic choice of RMM tools is critical to the attackers’ success. These applications are routinely used by legitimate IT departments for system administration, making their presence on a network less likely to trigger immediate security alerts. Consequently, RMM software often bypasses standard security filters and blends seamlessly with normal network activity. This allows the threat actors to maintain quiet, long-term access to compromised systems without attracting undue attention, as detailed in the full

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

AttackphishingSecurityThreat

Share Article

Jennifer sherman

Jennifer sherman

Jennifer is a cybersecurity news reporter covering data breaches, ransomware campaigns, and dark web markets. With a background in incident response, Jennifer provides unique insights into how organizations respond to cyber attacks and the evolving tactics of threat actors. Her reporting has covered major breaches affecting millions of users and has helped organizations understand emerging threats. Jennifer combines technical knowledge with investigative journalism to deliver in-depth coverage of cybersecurity incidents.

Previous Post

Critical Supply Chain Attack on PyTorch-Lightning Python Package

Next Post

Phoenix PhaaS Platform Fuels Smishing Attacks Against Finance, Telecom

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
Critical Citrix NetScaler ADC and Gateway Bugs Allow DoS, Memory Overflow
July 1, 2026
Critical Vulnerability in Windows Drivers Lets Attackers Disable Security Software
July 1, 2026
Automotive Manufacturer Boosts SOC Triage Speed, Closes Supplier Security Gap
July 1, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Jennifer sherman
Jennifer sherman
Emy Elsamnoudy
Emy Elsamnoudy
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us