Iranian Intelligence Cyber Unit Mimics Ransomware to Mask Espionage

An MOIS-linked threat actor is deploying ransomware as theatrical cover while maintaining persistent backdoor access to compromised networks. The Register reports that the operation prioritizes intelligence collection over financial extortion, with encryption serving as misdirection rather than the primary objective.
The tactic complicates attribution and enables longer-term access by shifting the victim's focus toward data recovery instead of a counterintelligence response. Defenders should treat ransomware incidents involving geopolitically relevant targets as potential espionage vehicles requiring full forensic scope.
Source: Telegram "sitreports"