Socprime
Iran-aligned APT-C-07 Uses Infy, Foudre, and Tonnerre Malware for Cyber Espionage
First seen 17 Jan 2026, 05:01 UTC
•
•79% similarity
•53.9
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
The Prince of Persia APT, also known as APT-C-07, has been active since 2007 and is linked to Iranian cyber-espionage efforts. This group employs various malware families, including Infy, Foudre, and Tonnerre, to target media organizations, political entities, and civil society. Their operations typically involve spear-phishing and drive-by infection techniques, utilizing unique command-and-control methods like Telegram bot channels.
ThreatCluster AI