![]() |
CyberWire DailyThe daily cybersecurity news and analysis industry leaders depend on. Author: N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world. Language: en Genres: Daily News, News, Tech News Contact email: Get it Feed URL: Get it iTunes ID: Get it Trailer: |
Listen Now...
Telegram for the throne. [Research Saturday]
Episode 413
Saturday, 21 February, 2026
Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach’s deep dive into the Iranian-linked APT known as “Prince of Persia,” originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022—but instead evolved. Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides rare, sustained visibility into nearly a decade of Iranian nation-state cyber operations, offering fresh indicators of compromise and insight into how the group continues to refine its tooling, obfuscation, and targeting. The research can be found here: Prince of Persia, Part 1: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope Learn more about your ad choices. Visit megaphone.fm/adchoices











