A persistent Iranian threat actor known as Infy, also called Prince of Persia, has resumed significant activity after nearly five years. New malware variants, sophisticated command and control infrastructure, and targeted attacks across multiple regions highlight the group's ongoing danger. #PrinceOfPersia #Foudre #Tonnerre #APT35
Key points
- Infy, an Iranian APT group, has increased its activity after a long hiatus.
- The group uses malware variants Foudre and Tonnerre to target high-value machines.
- They employ domain generation algorithms and RSA verification for resilient C2 infrastructure.
- Their campaigns have targeted Iran, Iraq, Turkey, India, Canada, and Europe with updated malware.
- Infy's operations include using Telegram for command and control, and they have maintained stealth since 2017.
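The summary notes that the group relies on domain generation algorithms for resilient C2. From the defender's side, the practical question is how such traffic shows up in DNS telemetry. The script below is an added example, not code from the article or from any Infy sample: it scores queried domains on simple lexical features (label entropy, digit ratio, consonant runs, length) and correlates high-scoring names with NXDOMAIN responses, since a DGA client typically resolves many generated names that were never registered. The log format, client addresses and every domain in it are constructed for illustration and are not indicators from the campaign.

```python
"""Heuristic triage of DGA-like domains in DNS query logs.

Added example (not from the article). All log lines and domains below are
constructed samples, not real indicators of compromise.
"""
import math
import re
from collections import defaultdict

# Constructed sample log: "<timestamp> <client-ip> <queried-domain> <rcode>"
SAMPLE_DNS_LOG = """\
2025-12-01T10:00:01 10.0.0.5 www.example.com NOERROR
2025-12-01T10:00:02 10.0.0.5 mail.example.org NOERROR
2025-12-01T10:00:03 10.0.0.7 xkq3vd9ztpw1.net NXDOMAIN
2025-12-01T10:00:04 10.0.0.7 b7h2nqjs4lm0c.com NXDOMAIN
2025-12-01T10:00:05 10.0.0.7 pzr8wtk5dq2yv.org NXDOMAIN
2025-12-01T10:00:06 10.0.0.7 cdn.example.net NOERROR
2025-12-01T10:00:07 10.0.0.9 login.example.com NOERROR
"""

_LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
_CONSONANT_RUN = re.compile(r"[bcdfghjklmnpqrstvwxyz]+")


def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registrable_label(domain):
    """Second-level label of a domain (naive split; a production tool
    should consult the public suffix list to handle e.g. co.uk)."""
    parts = domain.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(domain):
    """Count how many 'looks generated' features the label exhibits (0-4).
    Thresholds are illustrative assumptions, tuned only for this sample."""
    label = registrable_label(domain)
    score = 0
    if shannon_entropy(label) > 3.2:          # many distinct characters
        score += 1
    if sum(ch.isdigit() for ch in label) / max(len(label), 1) > 0.15:
        score += 1                            # digits mixed into the name
    runs = [len(m) for m in _CONSONANT_RUN.findall(label)]
    if max(runs, default=0) >= 4:             # unpronounceable consonant run
        score += 1
    if len(label) >= 12:                      # long random-looking label
        score += 1
    return score


def parse_log(text):
    """Parse the constructed log format into dicts; skips malformed lines."""
    rows = []
    for line in text.splitlines():
        m = _LOG_RE.match(line.strip())
        if m:
            rows.append({"ts": m.group(1), "client": m.group(2),
                         "domain": m.group(3), "rcode": m.group(4)})
    return rows


def flag_clients(log_text, threshold=3, min_hits=2):
    """Return clients that queried at least min_hits DGA-like domains
    which failed to resolve (NXDOMAIN), mapped to those domains."""
    hits = defaultdict(list)
    for row in parse_log(log_text):
        if row["rcode"] == "NXDOMAIN" and dga_score(row["domain"]) >= threshold:
            hits[row["client"]].append(row["domain"])
    return {client: doms for client, doms in hits.items() if len(doms) >= min_hits}


if __name__ == "__main__":
    for client, domains in flag_clients(SAMPLE_DNS_LOG).items():
        print(f"{client}: {len(domains)} DGA-like NXDOMAIN queries -> {domains}")
```

Lexical scoring alone produces false positives on CDN hostnames and legitimate random subdomains, which is why the example keys on the registrable label and requires the NXDOMAIN correlation before a client is flagged; in practice the output is a triage list for an analyst, not a blocking decision.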
Read More: https://thehackernews.com/2025/12/iranian-infy-apt-resurfaces-with-new.html