Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization
ID: e51632f9-f166-54f7-ad22-58c700d1a97d
STIX ID: report--e51632f9-f166-54f7-ad22-58c700d1a97d
Feed Name: Palo Alto Networks Unit 42
This report analyzes the evolution of Iranian-aligned cyber actors from destructive, custom wiper malware to large-scale abuse of identity and management-plane tooling (mobile device management, MDM, and remote monitoring and management, RMM). It describes historical campaigns and notable malware families and groups (e.g., Shamoon, Agonizing Serpens, Void Manticore), and warns that compromise of privileged administrative identities can enable mass remote-wipe operations that bypass traditional EDR, since the wipe is issued through legitimate management channels rather than by malware on the endpoint. It recommends identity-centric defenses such as Zero Trust, privileged identity management with just-in-time access (PIM/JIT), strict conditional access policies, and air-gapped backups.
