Iranian State-Sponsored Cyber Group Conducts Prolonged Intrusion on Middle Eastern Critical Infrastructure

An Iranian state-sponsored cyber threat group conducted a prolonged intrusion targeting critical national infrastructure (CNI) in the Middle East from May 2023 to February 2025. This activity included extensive espionage operations and probable network prepositioning, a tactic often used to maintain persistent access for future use. Technical details mention the exploitation of VPN vulnerabilities and the use of malware to maintain access.