Iran-aligned APT-C-07 Uses Infy, Foudre, and Tonnerre Malware for Cyber Espionage

Iran-aligned APT-C-07 Uses Infy, Foudre, and Tonnerre Malware for Cyber Espionage

First seen 17 Jan 2026, 05:01 UTC Socprime 79% similarity 53.9

Article Content

Browse articles
ThreatCluster

The Prince of Persia APT, also known as APT-C-07, has been active since 2007 and is linked to Iranian cyber-espionage efforts. This group employs various malware families, including Infy, Foudre, and Tonnerre, to target media organizations, political entities, and civil society. Their operations typically involve spear-phishing and drive-by infection techniques, utilizing unique command-and-control methods like Telegram bot channels.

ThreatCluster AI

Community

Browse all →