5 links
tagged with all of: cybersecurity + iran
Links
Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.
The Israel-linked Predatory Sparrow hacking group has stolen over $90 million from Nobitex, Iran’s largest cryptocurrency exchange, as part of escalating cyber hostilities between Israel and Iran. The hackers drained various cryptocurrencies and destroyed the assets by locking them in inaccessible wallets, signaling a significant intensification of the ongoing cyber shadow war.
A hacking group named Lab Dookhtegan has reportedly disrupted communications of Iranian ships, indicating a significant cyber attack on maritime operations. This incident highlights ongoing tensions and the increasing use of cyber warfare tactics in geopolitical conflicts.
Stormshield's CTI team discovered servers linked to APT35, an Iranian APT group known for phishing campaigns. The team provided insights on how to identify these servers, highlighting ongoing phishing tactics targeting various sectors, particularly in Israel. They shared specific indicators of compromise and methods for tracking related domains.
CISA, FBI, DC3, and NSA issued a joint statement warning about potential targeted cyber activities by Iranian-affiliated actors against U.S. critical infrastructure. While no coordinated attacks have been detected, organizations are urged to remain vigilant and implement cybersecurity best practices to defend against possible threats.