malware | International | Source: CSO Online

Iranian APT Prince of Persia returns with new malware and C2 infrastructure

Friday, December 19, 2025


What

The Prince of Persia threat group has reemerged with updated malware variants and new command-and-control strategies, targeting victims for surveillance and data theft.

Where

Primarily Iran, with victims also identified in Europe, Iraq, Turkey, India, and Canada.

When

The group's activity was last tracked through 2022; new activity has been reported beginning in late 2023.

Key Factors

  • The group's Foudre and Tonnerre malware have reappeared as updated variants with significant changes.
  • Malware delivery has shifted to Excel files carrying embedded malicious executables that evade detection.
  • The group has adopted a new domain generation algorithm (DGA) for locating its command-and-control servers.
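The Excel delivery vector above is a case where static triage of the document container helps: OOXML packages store embedded objects as separate parts under xl/embeddings/, so a scanner can list them and check whether any contains a PE image before the file ever reaches a user. The following is an added example written for this page, not code from the original article or from any vendor report; the sample workbook it scans is constructed in memory (an xlsx-shaped zip, not a valid spreadsheet) and the "PE" inside it is a hand-built stub, so no real malware or indicator is involved.

```python
import io
import zipfile

# OOXML (xlsx/docx/pptx) keeps embedded OLE objects as separate zip parts here.
EMBED_PREFIXES = ("xl/embeddings/", "word/embeddings/", "ppt/embeddings/")
# Magic of an OLE2 / Compound File Binary container, the usual format of oleObjectN.bin.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def find_pe_headers(blob: bytes) -> list[int]:
    """Offsets of byte runs that look like a real PE image: an 'MZ' DOS header whose
    e_lfanew field (uint32 at +0x3C) points at a 'PE\\0\\0' signature.
    Validating e_lfanew avoids flagging every random 'MZ' byte pair."""
    hits = []
    pos = blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            e_lfanew = int.from_bytes(blob[pos + 0x3C:pos + 0x40], "little")
            sig = blob[pos + e_lfanew:pos + e_lfanew + 4]
            if 0x40 <= e_lfanew < 0x1000 and sig == b"PE\x00\x00":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def scan_ooxml_embeddings(data: bytes) -> list[dict]:
    """One record per embedded-object part in an OOXML package."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not an OOXML (zip) package; legacy .xls needs an OLE parser instead")
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not name.startswith(EMBED_PREFIXES):
                continue
            blob = zf.read(name)
            findings.append({
                "part": name,
                "size": len(blob),
                "ole_container": blob.startswith(OLE_MAGIC),
                "pe_offsets": find_pe_headers(blob),
            })
    return findings


def suspicious_parts(findings: list[dict]) -> list[str]:
    """Parts that carry at least one PE image: grounds to quarantine the document."""
    return [f["part"] for f in findings if f["pe_offsets"]]


def _fake_pe() -> bytes:
    """Constructed stand-in for an executable: DOS header, e_lfanew -> 0x80, then 'PE\\0\\0'."""
    img = bytearray(b"MZ" + b"\x00" * 0x3A)          # DOS header up to e_lfanew
    img += (0x80).to_bytes(4, "little")               # e_lfanew = 0x80
    img += b"This program cannot be run in DOS mode.\r\n$"
    img += b"\x00" * (0x80 - len(img))
    img += b"PE\x00\x00" + b"\x00" * 20              # PE signature + blank COFF header
    return bytes(img)


def build_sample_xlsx() -> bytes:
    """Constructed minimal xlsx-shaped zip with two embeddings: an OLE blob wrapping
    the fake PE (offset 512) and a benign OLE blob with no executable inside."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        zf.writestr("xl/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504 + _fake_pe())
        zf.writestr("xl/embeddings/oleObject2.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_ooxml_embeddings(build_sample_xlsx())
    for record in results:
        print(record)
    print("suspicious:", suspicious_parts(results))
```

The PE check is a heuristic, not a parser: in a real Packager object the payload sits in an Ole10Native stream inside the compound file, and a large stream can be split across sectors, so a negative result does not clear the document; for full triage, extract the stream with an OLE-aware tool such as oletools' oleobj and hash or detonate what comes out. Flagging embedded-object parts at all (regardless of content) is a cheap first gate for mail and proxy pipelines, since most business spreadsheets carry none.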

Takeaways

  • Organizations must remain vigilant against evolving APT tactics and update their cybersecurity measures accordingly.
  • The use of Telegram for command and control highlights the need for monitoring unconventional communication channels.
  • Sharing threat intelligence and indicators of compromise can aid in tracking and mitigating the group's activities.