🛡️ Security Tools

Iran's Hackers Swap Wipers for Identity Strikes

Forget the old disk-wipers; Iran's cyber crews are now hijacking your own admin tools to nuke devices. This sneaky pivot changes everything for global targets.

Marcus Rivera 📅 Apr 03, 2026 ⏱️ 3 min read 👁️ 0 views

Timeline graphic showing Iranian cyber evolution from Shamoon wipers to identity-based wipes

⚡ Key Takeaways

Iran shifted from noisy wipers (Shamoon) to stealthy LotL admin abuse for better evasion and scale.
MDM platforms are now prime attack vectors—treat them as weapons, not tools.
This evolution enables global disruption without custom malware, demanding new defenses.

🧠 What's your take on this?

Cast your vote and see what Threat Digest readers think

Written by

Marcus Rivera

Tech journalist covering AI business and enterprise adoption. 10 years in B2B media.

#IRGC hackers #Iranian APTs #Iranian cyber threats #MDM attacks #Void Manticore #identity abuse #living off the land #wiper malware

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Palo Alto Unit 42

Iran's Hackers Swap Wipers for Identity Strikes

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Marcus Rivera

Worth sharing?

⚡ Key Takeaways

The 60-Second TL;DR

🧠 What's your take on this?

Community Consensus

Marcus Rivera

Share this article

Worth sharing?

Related Stories

Iran's April 1 Deadline Puts Apple, Google in Crosshairs

Chrome's Fifth Zero-Day Patch: Google Races Against Relentless Exploits

IRGC Puts Apple, Google, Tesla on Middle East Hit List for April 1 Attacks

84% of Attacks Hijack Your Own Tools – And You're Still Blind

Stay in the loop