AI-generated phishing email from Iranian APT groups

Iranian state-backed Advanced Persistent Threat (APT) groups have intensified their cyber operations in response to Israeli and American strikes on Iranian nuclear and military facilities in June 2025. While physical conflicts remain limited, the cyber domain has seen a surge in activities targeting U.S. and European entities.

Affiliated with the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), these actors employ a mix of espionage, disruption, and psychological warfare. Pro-Iranian hacktivist groups have conducted Distributed Denial of Service (DDoS) attacks on financial institutions and defense firms, while subtler threats like phishing campaigns and industrial control system (ICS) scanning complicate attribution.

Key APT Operations

Central to Iran’s cyber strategy are APT35 (Charming Kitten) and APT33 (Elfin), both of which have adapted their tactics amid rising tensions. APT35 has shifted from traditional surveillance to AI-enhanced phishing operations, targeting cybersecurity researchers and academics with realistic emails that impersonate industry leaders. These campaigns use artificial intelligence to create hyper-realistic scenarios, and their advanced social engineering makes them harder to detect.