Iran-linked hackers target infrastructure in Israel, cyber firm says
Cybersecurity firm ESET said it found new activity by the Iran aligned MuddyWater group that targeted critical infrastructure in Israel and one organization in Egypt.
Cybersecurity firm ESET said it found new activity by the Iran aligned MuddyWater group that targeted critical infrastructure in Israel and one organization in Egypt.
MuddyWater, also known as Mango Sandstorm or TA450, has links to Iran’s Ministry of Intelligence and National Security and has targeted government and infrastructure in the Middle East and beyond since at least 2017.
Researchers said victims in Israel included technology, engineering, manufacturing, local government and education sectors. They said the group used new custom tools to improve its ability to hide and stay active inside networks, including a backdoor called MuddyViper that can gather system data, run commands, move files and steal Windows credentials and browser data.
The report said the attackers used Fooder, a loader that reflects malware into memory and at times imitates the classic Snake game, to deploy MuddyViper. It said the group also used several credential stealers and avoided interactive sessions to reduce detection.
Researchers said the campaign relied on spearphishing emails that sent victims to installers for remote monitoring tools hosted on free file sharing sites. They said the operators used a range of malware, including VAX One, which imitates products such as Veeam and AnyDesk.
Past MuddyWater operations include attacks in Saudi Arabia and campaigns that overlapped with Lyceum, suggesting the group may serve as an initial access broker for other Iran linked actors.
The US State Department said Rewards for Justice is offering up to 10 million dollars for information that helps identify or locate two Iran linked cyber actors tied to operations against US critical infrastructure.
The program said Mohammad Bagher Shirinkar oversees the Shahid Shushtari cyber group and that Fatemeh Sedighian Kashi is a long time employee who works closely with him in planning and carrying out cyber operations. Shahid Shushtari is part of the Islamic Revolutionary Guard Corps Cyber Electronic Command and has operated under names that include Emennet Pasargad, Aria Sepehr Ayandehsazan and Net Peygard Samavat Company.
US officials said the group has caused financial damage and disruption to US businesses and government agencies and has targeted news, shipping, travel, energy, financial and telecommunications sectors in the United States, Europe and the Middle East.
Rewards for Justice said Shahid Shushtari actors ran a multi step operation during the 2020 US presidential election and had earlier carried out cyber enabled information operations that used a false flag persona.
The Treasury Department in 2021 designated the group, then known as Emennet, and six of its employees under an executive order for attempting to influence the 2020 election.
The State Department urged people with information on Shirinkar, Sedighian or the Shahid Shushtari group to send tips through its Tor based reporting channel.
Soaring psychotherapy costs in Iran are forcing many patients to sell personal belongings or take on debt yet large numbers still abandon treatment due to the steep fees, the Tehran-based daily Ham-Mihan newspaper reported on Tuesday.
The paper said interruptions in care have intensified feelings of helplessness, despair and the recurrence of mental health symptoms among those unable to continue.
While the official psychotherapy tariff for the current Iranian year, which began in late March, is set at 5,000,000 to 6,200,000 rials ($4–$5) per session, actual prices in Tehran range from 10,000,000 to 50,000,000 rials ($8–$42), the report said.
It added that the minimum monthly wage for a married worker with two children is about 163,000,000 rials (around $137), while the average monthly income nationwide is 240,000,000 to 250,000,000 rials ($202–$210).
At these income levels, each therapy session costs the equivalent of one-third to one-fifth of a monthly salary for middle- and lower-income households.
Ham-Mihan’s report said that to respond to rising demand, the government has expanded a network of community mental-health centres known as Seraj, with about 100 centres now operating nationwide offering basic support.
However, it added that these centers do not offer psychotherapy and that coverage remains uneven and capacity limited, particularly outside major cities, forcing many patients toward the more expensive private sector.
The report cited a national study published this summer by Iran’s National Institute of Health Research found that 62.5% of people with psychiatric disorders felt they needed treatment in 2021–22, but only 35.7% received services — a rate unchanged from a decade earlier.
Cost was one of the main barriers, alongside stigma and the belief that symptoms would resolve without professional help.
Last December, Iran’s Health Ministry said one in four people in the country suffers from a psychiatric disorder, almost double the global estimate of one in eight according to World Health Organization (WHO) mental-health data.
Global data show Iran carries a heavier mental-health burden than the world average, with mental disorders accounting for 10.3% of total disability-adjusted life years (DALYs) in 2019 compared with roughly 8% globally, according to the Global Burden of Disease Study (GBD), published by the UK-based medical journal The Lancet.
Meanwhile, last November, Iranian authorities announced plans to open a treatment clinic for women who defy the country's compulsory hijab rules.
The initiative, announced by Mehri Talebi Darestani, head of the Women and Family Department at the Tehran Headquarters for the Promotion of Virtue and Prevention of Vice, would offer what she described as “scientific and psychological treatment for hijab removal,” signaling the government’s focus on behavioral enforcement even as access to mental-health care remains limited.
UN human rights experts urged Iran to halt the execution of a 25-year-old victim of child marriage whose death sentence is scheduled to be carried out this month after allegedly killing her abusive husband during a domestic dispute.
According to the experts, which include Mai Sato, Special Rapporteur on the situation of human rights in Iran, Goli Kouhkan was forced into marriage at the age of 12 to her cousin and endured years of physical and psychological abuse while working as a farm laborer.
Kouhkan gave birth at home at 13 without medical care. Attempts to escape the marriage failed because of her undocumented status a Baloch minority and societal pressure, the experts said.
In May 2018, her husband beat both her and their five-year-old son. After a relative was called to help, a confrontation ensued that resulted in her husband’s death, according to the experts.
"Iranian courts failed to consider the sustained pattern of abuse or assess specific circumstances surrounding her actions," the experts said in their statement.
They added that during interrogation, Kouhkan, an illiterate woman with no legal representation, was pressured into a confession that formed the basis of her death sentence.
“Goli Kouhkan is a survivor of domestic violence and a victim of the justice system,” the experts said.
“Her execution would represent a profound injustice. The State would be killing a woman who endured years of gender-based violence while defending herself and her child,” they added.
The husband's family agreed to forgo execution only if she pays 100 billion rials (USD 85,000) in blood money, “an amount considerably higher than the recommended rate and far beyond her reach, especially as an undocumented woman who has been rejected by her family,” the experts said.
“This is a woman who was sold into marriage as a child, brutalized for years, and then abandoned by her family and the justice system,” the experts said. “Her case starkly illustrates how gender discrimination and ethnic marginalization intersect to create profound injustice.”
The experts said at least 241 women were executed between 2010 and 2024, including 114 sentenced to death for homicide, many of whom had allegedly killed a husband or intimate partner after years of domestic violence or child marriage.
In Iran, the legal marriage age for girls is 13, and even younger with a guardian’s and judge’s approval. Rights groups say girls and women have little protection from domestic violence, and women face major obstacles when trying to divorce.
Every transaction linked to Iran — no matter how small — must now be treated as high-risk under newly tightened regulations introduced by Canada last week, a move experts warn could fall hardest on ordinary Iranians.
The previous $10,000 reporting threshold has been eliminated in favor of a zero-dollar threshold for any financial transaction to or from Iran.
Ottawa tightened the rules after the international anti-money laundering body the Financial Action Task Force (FATF) again warned that Iran remains a high-risk jurisdiction for terrorism financing and sanctions evasion.
Canada says the new rules target funds that originate in Iran and may involve individuals, organizations or networks linked to the Islamic Republic using small transfers to evade sanctions or obscure the true source of money.
But because these transactions often resemble ordinary remittances, the government has argued, the measures now apply to anyone receiving money from Iran, even for legitimate reasons.
“There is a risk that the Islamic Republic of Iran may be facilitating sanctions evasion, which the Minister is of the opinion could have an adverse impact on the integrity of the Canadian financial system or the reputational risk to that system," Canada’s Finance Minister wrote in a statement.
Canada is home to of the largest Iranian diaspora communities in the world at nearly 300,000 people, and many rely on transfers from Iran from the sale of property or land, inheritance payments or support sent by parents to university students.
Remittances from professionals in Canada to loved ones in Iran are also widespread.
FINTRAC, or Financial Transactions and Reports Analysis Centre of Canada, is the independent federal agency reporting to the Ministry of Finance which is overseeing the rule change.
“With the changes, all businesses subject to the Act are required to report every financial transaction to or from Iran regardless of its amount,” a spokesperson for FINTRAC wrote to Iran International.
“Prior to this update," she added, "the Ministerial Directive only required banks, credit unions, foreign banks and money services businesses to report every financial transaction to or from Iran.”
'Uniquely challenging'
But experts warn that while the directive may make it harder for Islamic Republic-linked actors to move money, it may also create unintended consequences.
Investigative journalist Sam Cooper, one of Canada’s leading reporters on transnational crime, said Iran-linked transactions were particularly hard to detect.
“The regime and its proxies already operate through deep, global underground banking networks," said Cooper, author of Willful Blindness, a book on money laundering networks operating through Canada. "They work with transnational crime groups — from Hezbollah to Latin American cartels and their partners in places like Venezuela.”
Cooper added that tougher reporting rules often fall hardest on ordinary Iranians trying to send money through legitimate channels.
“They often hit ordinary Iranians who refuse to use those underground networks and end up locked out of legitimate banking instead. That can unintentionally strengthen Iranian, Chinese and Mexican criminal networks, which step in to provide ‘services’ that formal banks can no longer offer,” he said.
Canada shuttered its embassy and cut diplomatic ties with Iran in 2012 over what it called security concerns for its diplomats and Iran’s alleged support for terrorism and human-rights abuses.
The move is also being closely watched by those involved in shaping Canada’s sanctions policy. Brandon Silver, an international human rights lawyer has provided expert testimony before Parliament, welcomed the strengthened guidance which many in the sanctions community have long pushed for.
“This FINTRAC guidance on Iran is a reflection of the Islamic Republic’s culture of corruption and criminality,” Silver told Iran International.
“These funds are used to finance mass domestic repression and external aggression — whether it is the murder and maiming of Iranian women’s rights leaders, or the transnational repression targeting Canadians," he said, adding that he hoped other countries in the G7 grouping of wealthy democracies would impose their own curbs.
A plan to reassess green cards for nationals from 19 countries including Iran after a DC shooting risks collective punishment, legal experts and members of the affected communities warn, as the move plunges thousands of vetted immigrants into limbo.
The announcement came after an Afghan national opened fire on West Virginia National Guard on the day before Thanksgiving last week, killing Sarah Beckstrom, 20, and severely injuring Andrew Wolfe, 24.
“This feels like a form of collective punishment because there was one sole shooter who is not reflective of a broader community of Afghans,” international human rights lawyer Gissou Nia told Iran International.
“It also feels like a move to ban legal immigration completely from certain countries that the Trump administration does not want to see any immigrants from.”
The suspect, Rahmanullah Lakanwal, arrived in the United States in 2021 under a program that granted protections to Afghan partner forces following the US withdrawal from Afghanistan.
Lakanwal sought asylum in 2024 and was granted it in April under the Trump administration according to sources familiar with the matter cited by ABC News.
The administration has so far provided few details about how the re-evaluation would work beyond public statements from US President Donald Trump and senior immigration officials.
Trump, whose political comeback last year depended heavily on his pledge to halt illegal immigration and carry out mass deportations, said he would “permanently pause migration from all third world countries”.
But a lack of clarity has created deep uncertainty for thousands of legal permanent residents — including Iranians, dual nationals and residents of third countries — who wonder whether they will be affected.
The Department of Homeland Security did not immediately respond to an Iran International request for comment.
Kristi Noem, Secretary of the Department of Homeland Security wrote on X after meeting with Trump on Monday: “I am recommending a full travel ban on every damn country that’s been flooding our nation with killers, leeches, and entitlement junkies ... We don’t want them. Not one.”
Supporters of the administration’s move are also speaking out publicly.
Stephen Miller, former White House deputy chief of staff for policy and homeland security advisor, pushed back against Democratic criticism of the Trump administration’s immigration measures, arguing that critics oppose any limits on immigration.
“The Democrat Party is organized around one essential command: No limit of any kind can be placed on the entry of third-world migrants. The failed states of the world must be allowed to empty themselves out into America. And you must pay for their every need, forever,” Miller wrote.
'Political tokens'
Iranian-American organizations say the decision jeopardizes legal commitments made to people who have already undergone years of vetting.
Ali Rahnama of the Iranian American Lawyers Defense Fund (IALDF) said the move threatens fundamental principles of fairness and rule of law.
“Green cards are not political tokens. They are the foundation of family reunions, economic growth and America’s future. They are earned after an elaborate and detailed process,” he told Iran International.
National security analysts caution that the government’s response seeing complex geopolitical dynamics through the prism of a single tragedy.
Dr. Eric Mandel, director of the Middle East Political Information Network (MEPIN) said the administration’s decision must be understood in the broader context of America’s ongoing effort to secure its borders.
He said the United States still needs strict screening to keep out real threats but warned "those escaping the (Iranian) regime’s Shiite jihadists are often the very Iranians most inclined to stand with the United States. Instead of punishing them, US policy should champion the Iranian people and signal unequivocally that America supports their pursuit of democratic change.”
Iran specialist Behnam Ben Taleblu of the Foundation for Defense of Democracies (FDD) said the review could unfairly ensnare Iranians who underwent years of rigorous screening.
“There’s an old Persian saying that goes, ‘a fool throws a stone into a well, and a thousand wise men can’t get it out.’ This best describes the situation facing Iranian green card holders following the shooting,” he said.
“It was already hard enough for Iranians to come to America, especially after the travel ban. Iran has one of the highest brain drain rates in the region."
Sense of blame
Among Afghans, the shooting has triggered not only grief but fear of collective blame. A community member who attended a candlelight vigil outside the White House on Sunday for the two National Guard victims said she is overcome with grief.
"They (the Afghan community) expressed deep sympathy for the victims and called for the strongest punishment for the perpetrator," she said.
The community member who also lived in Iran, who asked to remain anonymous for her safety, said fellow Afghans worry they would now be blamed.
“Afghans have been US partners for two decades," she said," and one person’s crime should not define millions.”
