The Threat Hunter Team reports a surge in cyberespionage by Iranian-linked APT Seedworm targeting multiple U.S. organizations and companies—often those with ties to Israel—since early February 2026. Researchers uncovered a previously undocumented backdoor named Dindoor across several victims, while hacktivist group Handala has used partial data leaks to amplify attacks, elevating the threat to defense suppliers and critical national infrastructure. #Seedworm #Dindoor #Handala #MuddyWater #DefenseAerospace
Key points
- Threat Hunter Team documents increased Seedworm activity since February 2026.
- Victims include a U.S. bank, a defense‑aerospace supplier’s software subsidiary, an airport, and NGOs in the U.S. and Canada.
- Researchers discovered a new backdoor named Dindoor enabling persistent access in high‑value networks.
- Hacktivist group Handala has used partial data leaks to intimidate targets and amplify intrusions.
- Defenders are urged to hunt for Dindoor indicators and harden public‑facing logistics and supply‑chain interfaces.