Are Iranian APTs Already inside Your Hybrid Network? by Lucie Cardiet
ID: 796f42a9-d46a-53e1-8f1e-7c3220359eb9
STIX ID: report--796f42a9-d46a-53e1-8f1e-7c3220359eb9
Feed Name: Vectra AI Blog
**Executive summary:** A recent intelligence briefing describes coordinated Iranian state-linked cyber operations that emphasize identity- and cloud-focused intrusion tradecraft to evade traditional endpoint defenses. The actors leverage spear-phishing, OAuth abuse, MFA bypass, living-off-the-land scripts, and cloud-native tooling to access, persist, and exfiltrate data across government, telecom, energy, and commercial sectors. The report maps these behaviors to MITRE ATT&CK, lists affected groups and malware families, and provides detection and hardening recommendations and vendor-specific threat hunts.
