Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Tenable RSO reports that following Operation Epic Fury, Iranian-linked actors have shifted from espionage to coordinated disruptive and destructive campaigns—notably MuddyWater and Handala—using backdoors, custom wipers, and cybercriminal infrastructure to target critical sectors (finance, healthcare, energy, telecom, aviation). The analysis highlights active exploitation of high-severity CVEs (including multiple Hikvision/Dahua camera flaws and Microsoft vulnerabilities), claims of large-scale data exfiltration and device wiping, and an increased risk posture for organizations in affected industries.