Iraqi Ministry of Foreign Affairs email account
March 12, 2026
•[ cyber espionage, phishing, intelligence collection ]
Proofpoint reported a surge in Iran-linked and conflict-themed cyber espionage activity targeting governments, diplomats, and organizations across the Middle East, often using compromised government email accounts to deliver phishing lures and collect intelligence. Check Point analysis cited overlaps between Iran-linked actors (including MuddyWater and Void Manticore/Handala) and cybercrime tools and infrastructure. This is campaign-level reporting without a single named victim incident and bounded primary-effect metrics.
Undisclosed European ministry
July 31, 2025
•[ malware, apt, intelligence collection ]
HackRead reports DoNot APT deployed LOPTiKMod malware against a European ministry to collect intelligence; attribution aligns with prior DoNot operations.
