A notorious Iranian state-sponsored threat group, “Prince of Persia,” has reemerged with new malware variants and sophisticated command-and-control techniques. Despite perceived silence, they continue to target Iran and Europe using innovative tools like Telegram-based C2 communications. #PrinceofPersia #Tonnerre #Foudre #IranianThreatGroup #CyberEspionage
Key points
- The “Prince of Persia” threat group has been active underground since 2022, updating their arsenal and tactics.
- They have shifted from FTP to Telegram for command-and-control communication.
- The group has developed new malware variants, including Foudre v34 and Tonnerre v50.
- They utilize complex domain generation algorithms to evade detection and maintain operational resilience.
- The group remains active and highly sophisticated, posing ongoing threats in Iran and Europe.
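As an added defender-side example (not code from the report summarized above, nor from the group's tooling), the script below runs two simple triage heuristics over constructed endpoint log lines: a lexical score that flags DGA-like hostnames, and a check for Telegram API egress from processes that are not expected to talk to it. The log format, the thresholds, the process allow-list and every sample value are assumptions made for illustration; the group's actual domain generation algorithm is not described on this page, so the score is a generic heuristic for hunting, not a signature for this malware.

```python
"""Constructed triage example: score DNS lookups for DGA-like hostnames and
flag Telegram API egress from unexpected processes.  The log format, the
thresholds and all sample values below are assumptions, not real telemetry."""
import math
import re
from collections import Counter

# Constructed sample log lines (assumed format: "<timestamp> <DNS|NET> <process> <host[:port]>").
SAMPLE_LOGS = """\
2024-01-01T10:00:01Z DNS outlook.exe login.microsoftonline.com
2024-01-01T10:00:02Z DNS svchost.exe xkq7w2zp9vb3m.com
2024-01-01T10:00:03Z DNS chrome.exe www.wikipedia.org
2024-01-01T10:00:04Z DNS svchost.exe q3t8ybz1kwmx0.net
2024-01-01T10:00:05Z NET chrome.exe api.telegram.org:443
2024-01-01T10:00:06Z NET updater.exe api.telegram.org:443
2024-01-01T10:00:07Z DNS updater.exe api.telegram.org
"""

# Processes for which contact with the Telegram API is treated as expected (assumption).
EXPECTED_TELEGRAM_PROCESSES = {"chrome.exe", "firefox.exe", "telegram.exe"}
TELEGRAM_API_HOST = "api.telegram.org"

LOG_RE = re.compile(r"^(\S+) (DNS|NET) (\S+) (\S+)$")


def shannon_entropy(text):
    """Bits of entropy per character of `text` (0.0 for an empty string)."""
    if not text:
        return 0.0
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(domain):
    """Label left of the TLD, assuming a single-level public suffix (naive on purpose)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(domain):
    """Count how many DGA-like lexical traits the registrable label shows (0..4).
    Thresholds are illustrative assumptions tuned to the constructed samples."""
    label = registrable_label(domain)
    if not label:
        return 0
    vowel_ratio = sum(ch in "aeiou" for ch in label) / len(label)
    digits = sum(ch.isdigit() for ch in label)
    score = 0
    if len(label) >= 12:                     # long labels are typical of generated names
        score += 1
    if shannon_entropy(label) >= 3.5:        # near-uniform character distribution
        score += 1
    if vowel_ratio < 0.2:                    # unpronounceable consonant/digit runs
        score += 1
    if digits >= 2:                          # mixed digits inside the label
        score += 1
    return score


def is_dga_like(domain, threshold=3):
    return dga_score(domain) >= threshold


def triage(log_text):
    """Return (finding, process, host) tuples for every suspicious log line."""
    findings = []
    for line in log_text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        _ts, kind, proc, value = match.groups()
        host = value.rsplit(":", 1)[0]       # strip ":port" from NET events
        if kind == "DNS" and is_dga_like(host):
            findings.append(("dga_like_query", proc, host))
        if host == TELEGRAM_API_HOST and proc.lower() not in EXPECTED_TELEGRAM_PROCESSES:
            findings.append(("telegram_api_from_unexpected_process", proc, host))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOGS):
        print(*finding)
```

On the constructed input the two random-looking svchost.exe lookups are reported as DGA-like while the legitimate Microsoft and Wikipedia names are not, and the Telegram API contact from updater.exe is reported twice (once for the DNS lookup, once for the connection) while the same contact from the browser is allowed. In production the process allow-list would come from an inventory of software legitimately using Telegram, and the lexical score would be one signal among several (query volume, NXDOMAIN rate, newly registered domains), since a 4-trait heuristic on its own will misfire on CDN and tracking hostnames.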