
HiveForce Labs has reported a sharp rise in cybersecurity threats, highlighting the increasing complexity and frequency of global cyber incidents. Over the past week, four major attacks were detected, three vulnerabilities were exploited, and two active threat actor groups were monitored, signaling a concerning escalation in malicious activity.
In one notable intrusion, UAT-4356 actors abused flaws in Cisco Secure Firewall ASA and FTD VPN web servers to gain unauthenticated access and execute code on exposed systems. Once inside, they deployed the LINE VIPER shellcode loader to spin up rogue VPN sessions and quietly siphon off sensitive assets, including configurations, admin credentials, certificates, and private keys. The operation didn’t stop there: FIRESTARTER, a Linux-based backdoor, was implanted to hook into the LINA process and tamper with system mount configurations, ensuring long-term persistence and stealthy control.
Meanwhile, the threat landscape is also being shaped by scalable cybercrime operations and deceptive social engineering campaigns. The rebranded VECT 2.0 ransomware group is rapidly expanding its RaaS ecosystem with a purpose-built C++ framework designed for efficiency and impact. Alongside this, Operation TrustTrap is leveraging a vast phishing infrastructure of over 16,800 domains, cleverly mimicking government services across multiple countries by manipulating subdomains and trusted naming patterns to evade detection. Together, these developments underscore a shift toward hybrid attack strategies, where technical exploitation and psychological manipulation go hand in hand, making timely patching, vigilant monitoring, and layered defenses more critical than ever.