
Iranian Hackers Launch Sophisticated Espionage Campaign Against Defense Officials

APT42, linked to Iran's IRGC, uses social media to hack officials with TameCat malware via fake invites, targeting their families too.
Content Team

Iranian state-sponsored hacking group APT42, linked to the Islamic Revolutionary Guard Corps, is conducting an elaborate espionage campaign targeting senior defense and government officials. The hackers spend weeks building relationships with victims through social media before sending fake conference invitations that either steal credentials or install TameCat malware.

TameCat, a sophisticated PowerShell backdoor, communicates through Telegram and Discord, allowing the hackers to remotely execute commands and steal sensitive data. APT42 even targets victims' family members to increase pressure and expand the attack surface. Israel's National Digital Agency warns that the campaign mixes legitimate cloud services with attacker infrastructure to maintain long-term access to high-value targets.

Source: Security Week
