<p>President Donald Trump has suggested the Iran conflict could end within weeks, but his messaging remains fluid. He previously tied any potential ceasefire to reopening the Strait of Hormuz, but later said the U.S. would not get involved in negotiating access to the strait. The president also said diplomatic discussions with Iran are progressing, only for Iranian officials to dispute that claim.</p>
<p>The potential impact on the cybersecurity front is equally uncertain, with news this week that Iran’s Islamic Revolutionary Guard Corps <a target=”_blank” href=”https://www.cnbc.com/2026/04/01/iran-irgc-nvidia-appple-attack-threat.html” rel=”noopener”>named</a> 18 tech companies “legitimate targets” in retaliation for recent U.S. and Israeli strikes on Iran.</p>
<p>”From now on, for every assassination, an American company will be destroyed,” the group warned in a Guard-affiliated Telegram channel. The list of targets included Apple, Google, HP, IBM, JPMorgan, Nvidia and Tesla, among others.</p>
<p>This week’s featured news highlights the latest about the cybersecurity events coinciding with the Iran war.</p>
<section class=”section main-article-chapter” data-menu-title=”Iranian hackers target municipalities to disrupt missile response efforts”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Iranian hackers target municipalities to disrupt missile response efforts</h2>
<p>Hackers linked to the Iranian government have targeted Microsoft 365 platforms of municipal governments in Israel and Gulf states to hinder their response to Iranian missile strikes, according to Check Point.</p>
<p>In March, more than 300 Israeli and around 25 United Arab Emirates organizations were attacked, with municipal governments being primary targets due to their role in post-strike responses. The campaign, likely supporting Iran’s kinetic operations, also targeted energy, transportation and technology sectors, with some attacks extending to the U.S., U.K. and Europe.</p>
<p>Using password-spraying techniques and VPNs, the attackers exploited weak passwords. Check Point advised <a href=”https://www.techtarget.com/searchsecurity/feature/Leading-multifactor-authentication-tool-providers”>enforcing MFA</a> and geofencing to mitigate such threats.</p>
<p><a target=”_blank” href=”https://www.cybersecuritydive.com/news/iran-cyberattack-missile-strikes-password-spraying/816333/” rel=”noopener”><i>Read the full article by Eric Geller on Cybersecurity Dive</i></a><i>.</i></p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Iran’s hybrid cybercrime strategy targets U.S. and Israel”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Iran’s hybrid cybercrime strategy targets U.S. and Israel</h2>
<p>Iran is using Russian cybercriminals and state-backed ransomware, such as Pay2Key, to advance its geopolitical goals against the U.S. and Israel, according to KELA’s Cyber Intelligence Center. By recruiting affiliates from Russian forums, Iran uses Pay2Key for pseudo-ransomware attacks, blending data destruction with financial extortion. This hybrid approach blurs the lines between state and criminal activities, complicating attribution and increasing legal risks for victims.</p>
<p>Iran incentivizes affiliates with higher payouts for targeting adversaries. Additionally, Iran-backed APT Agrius employs Apostle malware to disguise destructive operations. KELA researchers advised organizations to enhance their defenses with MFA, segmentation and <a href=”https://www.techtarget.com/searchsecurity/tip/Top-open-source-and-commercial-threat-intelligence-feeds”>threat intelligence monitoring</a>.</p>
<p><a target=”_blank” href=”https://www.darkreading.com/threat-intelligence/iran-pseudo-ransomware-pay2key-operations” rel=”noopener”><i>Read the full article by Elizabeth Montalbano on Dark Reading</i></a><i>.</i></p>
</section>
<section class=”section main-article-chapter” data-menu-title=”Iranian hackers claim to sell Lockheed Martin data”>
<h2 class=”section-title”><i class=”icon” data-icon=”1″></i>Iranian hackers claim to sell Lockheed Martin data</h2>
<p>Iran-linked threat actors, tracked as APT Iran, claim to have hacked defense contractor Lockheed Martin, offering alleged F-35 blueprints and Pentagon contracts for $598 million, according to Flashpoint researchers.</p>
<p>A group tracked as Handala or Handala Hack also threatened Lockheed engineers over SMS, demanding they leave Israel. Experts have warned that Iranian actors often exaggerate or fabricate claims, mixing legitimate data with disinformation.</p>
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: