Middle East Cyber Risk Advisory


EXECUTIVE SUMMARY

Ongoing regional geopolitical tensions have significantly elevated the cyber threat landscape, increasing the likelihood of activity from Iran-aligned advanced persistent threat (APT) groups. These actors have a demonstrated capability to conduct strategic cyber espionage, credential theft, and disruptive cyber operations targeting critical sectors and supporting infrastructure. Recent threat intelligence indicates a heightened probability of retaliatory or opportunistic cyber operations in the near term, particularly against organizations operating within or supporting Middle East and allied interests.


Organizations are strongly advised to adopt a heightened security posture and strengthen security controls across external-facing systems, identity services, and cloud environments to reduce the risk of compromise.

  • Active Region: Middle East (GCC, including UAE)
  • Affected Sector: Government, Energy, Finance, Telecommunications, Transportation & Critical Infrastructure
  • Threat Actors: Iran-linked APT groups conducting espionage and disruption (e.g., credential harvesting, spear-phishing, custom malware deployment)
  • Affected Product: Multi-sector infrastructure (identity systems, network perimeter devices, cloud services, and enterprise IT environments)
  • Severity: High
  • Published Date: 1 March 2026

Detailed profiles of relevant Iran-aligned APT groups and associated Indicators of Attack (IOAs) are provided within this advisory to help organizations strengthen their security posture and validation efforts.

HIGH-RISK THREAT ACTORS

Last Reported Activity: October 2025

Recent campaigns targeting Microsoft 365 and Google accounts using credential harvesting and OAuth abuse.

APT35 is an Iran-aligned cyber-espionage group that primarily targets government, energy, finance, telecom, and executive leadership accounts across the Middle East. The group focuses on identity compromise and cloud account takeover, relying on spear-phishing, credential harvesting, and abuse of legitimate cloud services rather……
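The OAuth abuse mentioned above typically shows up as a user or admin consenting to a third-party application that requests mailbox or file access plus a refresh token. The following is an added example (not part of this advisory or any vendor tooling) of the kind of detection logic a SOC can run over consent-grant audit events. The record layout, the allowlist, and the sample log lines are all constructed here for illustration; the field names are a simplified hypothetical shape, not the actual Microsoft 365 or Google Workspace audit schema, so map them to your tenant's export before use.

```python
import json
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Delegated permissions that give a third-party app persistent access to
# mail, files or the directory; "offline_access" yields a refresh token.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "Files.ReadWrite.All", "Directory.ReadWrite.All", "offline_access",
}

# Hypothetical allowlist of app IDs the organisation has reviewed and approved.
ALLOWLISTED_APP_IDS = {"00000000-0000-0000-0000-00000000a11e"}

CONSENT_OPERATION = "Consent to application."

# Constructed sample audit lines (simplified, hypothetical schema).
SAMPLE_AUDIT_LINES = [
    # Benign: verified publisher, low-privilege scope only.
    '{"operation": "Consent to application.", "user": "analyst@example.com", '
    '"app_id": "11111111-1111-1111-1111-111111111111", "app_display_name": "Contoso Reporting", '
    '"publisher_verified": true, "consent_type": "user", "scopes": ["User.Read"]}',
    # Suspicious: unverified app asking for mailbox access plus a refresh token.
    '{"operation": "Consent to application.", "user": "cfo@example.com", '
    '"app_id": "22222222-2222-2222-2222-222222222222", "app_display_name": "Mail Sync Helper", '
    '"publisher_verified": false, "consent_type": "user", "scopes": ["Mail.ReadWrite", "offline_access", "User.Read"]}',
    # Approved app with broad scopes: allowlisted, so not flagged.
    '{"operation": "Consent to application.", "user": "admin@example.com", '
    '"app_id": "00000000-0000-0000-0000-00000000a11e", "app_display_name": "Corporate Backup", '
    '"publisher_verified": true, "consent_type": "admin", "scopes": ["Mail.Read", "Files.ReadWrite.All"]}',
    # Unrelated operation: ignored by the consent rule.
    '{"operation": "UserLoggedIn", "user": "cfo@example.com", "app_id": "", "scopes": []}',
    # Malformed line: skipped rather than crashing the parser.
    '{"operation": "Consent to application.", "user": "broken',
]


@dataclass(frozen=True)
class Finding:
    user: str
    app_id: str
    app_display_name: str
    risky_scopes: tuple
    reasons: tuple


def parse_audit_lines(lines: Iterable[str]) -> List[dict]:
    """Parse newline-delimited JSON audit records, skipping blank or malformed lines."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            records.append(json.loads(line))
        except json.JSONDecodeError:
            continue
    return records


def evaluate_consent(rec: dict) -> Optional[Finding]:
    """Return a Finding if this record is a consent grant to a non-allowlisted app with risky scopes."""
    if rec.get("operation") != CONSENT_OPERATION:
        return None
    if rec.get("app_id") in ALLOWLISTED_APP_IDS:
        return None
    scopes = set(rec.get("scopes", []))
    risky = tuple(sorted(scopes & HIGH_RISK_SCOPES))
    if not risky:
        # An unverified app with only User.Read is low signal; do not alert on it alone.
        return None
    reasons = ["high-risk delegated scopes granted"]
    if not rec.get("publisher_verified", False):
        reasons.append("publisher not verified")
    if "offline_access" in scopes:
        reasons.append("refresh token requested (offline_access)")
    if rec.get("consent_type") == "admin":
        reasons.append("tenant-wide admin consent")
    return Finding(
        user=rec.get("user", ""),
        app_id=rec.get("app_id", ""),
        app_display_name=rec.get("app_display_name", ""),
        risky_scopes=risky,
        reasons=tuple(reasons),
    )


def find_suspicious_consents(lines: Iterable[str]) -> List[Finding]:
    """Run the consent rule over a batch of audit lines and collect findings."""
    return [f for f in (evaluate_consent(r) for r in parse_audit_lines(lines)) if f]


if __name__ == "__main__":
    for finding in find_suspicious_consents(SAMPLE_AUDIT_LINES):
        print(f"{finding.user} consented to {finding.app_display_name!r} ({finding.app_id}): "
              f"{', '.join(finding.risky_scopes)} :: {'; '.join(finding.reasons)}")
```

Triage each finding by revoking the app's grant for the affected user (or the whole tenant for admin consents), rotating any sessions, and reviewing mailbox rules created around the consent time; the allowlist should be maintained from a reviewed application inventory rather than grown from alerts.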
