⚠️ Region Alert: UAE/Middle East
Unit 42 has identified a significant shift in Iranian threat activity, specifically involving the group CL-STA-1128 (Cyber Av3ngers), which is now targeting Rockwell Automation industrial control systems (OT/ICS). This escalation coincides with the restoration of limited internet access in Iran after a 47-day blackout. The threat actors are reportedly utilizing virtual private servers to deploy industrial automation software to facilitate their exploitation efforts, targeting thousands of global IP addresses associated with critical infrastructure.
Simultaneously, a massive wave of regional financial fraud and phishing is targeting the Middle East. Attackers are impersonating trusted entities such as the Dubai Police, Emirates Post, and major telecommunications providers to conduct credit card theft and credential harvesting. These campaigns leverage sophisticated evasion tactics, including top-level domain rotation and conflict-themed lures, to exploit regional brand trust during the ongoing transregional conflict.
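One way a defender could surface the top-level domain rotation described above from DNS or proxy logs, as an added example that is not part of the original brief. The brand keywords, log format and sample lines are constructed; reserved TLDs (.example, .test, .invalid) stand in for the rotating ones, and the naive last-two-labels split is a simplifying assumption.

```python
import re
from collections import defaultdict

# Keywords derived from brands named in the brief; exact spellings are assumptions.
BRAND_KEYWORDS = ("dubaipolice", "emiratespost")

# Constructed DNS log lines: timestamp, client, queried name.
SAMPLE_LOG = """\
2025-01-01T08:00:01Z 10.0.0.5 pay.dubaipolice-fines.example
2025-01-01T08:03:10Z 10.0.0.9 dubaipolice-fines.test
2025-01-01T08:07:44Z 10.0.0.5 www.dubaipolice-fines.invalid
2025-01-01T08:09:00Z 10.0.0.7 emiratespost-parcel.example
2025-01-01T08:11:30Z 10.0.0.7 intranet.corp.example
2025-01-01T08:12:02Z 10.0.0.3 emirates-post-parcel.test
"""

def registrable_parts(fqdn):
    """Naive split into (label, tld); production use needs the Public Suffix List."""
    labels = fqdn.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return None
    return labels[-2], labels[-1]

def find_tld_rotation(log_text, allowlist=frozenset(), min_tlds=2):
    """Return {normalized_label: sorted TLDs} for brand lookalikes seen under >= min_tlds TLDs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3:
            continue  # skip malformed lines
        parts = registrable_parts(fields[2])
        if parts is None:
            continue
        label, tld = parts
        if f"{label}.{tld}" in allowlist:
            continue  # verified official domain, supplied by the caller
        key = re.sub(r"[^a-z0-9]", "", label)  # fold hyphen variants together
        if any(brand in key for brand in BRAND_KEYWORDS):
            seen[key].add(tld)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_tlds}

if __name__ == "__main__":
    for label, tlds in find_tld_rotation(SAMPLE_LOG).items():
        print(label, tlds)
```

Populate `allowlist` with the verified official domains of the brands being monitored so that legitimate lookups are not counted.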