Telegram for the throne. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Technology, Tech News, Daily News, News

4.8 • 1.1K Ratings

🗓️ 21 February 2026

⏱️ 22 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Today we have Tomer Bar, VP of Security Research at SafeBreach Labs, discussing their work on "Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope". In this first installment of SafeBreach’s deep dive into the Iranian-linked APT known as “Prince of Persia,” originally exposed by Palo Alto Networks Unit 42, researchers reveal that the group never truly went dark after 2022—but instead evolved. Led by Tomer, the investigation uncovers new variants of Foudre and Tonnerre malware, expanded campaign scale, active C2 infrastructure through late 2025, and a shift toward Telegram-based command-and-control. The research provides rare, sustained visibility into nearly a decade of Iranian nation-state cyber operations, offering fresh indicators of compromise and insight into how the group continues to refine its tooling, obfuscation, and targeting. The research can be found here: Prince of Persia, Part 1: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:10.2	When it comes to mobile application security, good enough is a risk.
0:15.6	A recent survey shows that 72% of organizations reported at least one mobile application security incident last year,
0:23.5	and 92% of responders reported threat levels have increased in the past two years.
0:29.4	Guard Square delivers the highest level of security for your mobile apps
0:33.0	without compromising performance, time to market, or user experience.
0:38.3	Discover how Guard Square provides industry-leading security for your Android and iOS apps
0:44.1	at www.gardesquare.com.
0:48.0	Thank you. Hello everyone and welcome to the CyberWires Research Saturday.
1:03.2	I'm Dave Bittner, and this is our weekly conversation with researchers and analysts
1:07.7	tracking down the threats and vulnerabilities, solving some of the hard problems
1:12.2	and protecting ourselves in a rapidly evolving cyberspace. Thanks for joining us.
1:21.4	This threat atoll is very persistent. It's active since 2007, and it's very rare for a threat actor is very persistent. It's active since 2007 and it's very rare for a threat actor to be fully active for 20 years with almost the same tools and arsenal.
1:38.3	So every time when I lose my visibility into their malicious activity, they are replacing and moving between
1:50.0	different C2 servers, between different malware version, but in general, it's very difficult for them
1:57.8	to change all of their characteristics and all of their things that they do.
2:03.4	And once I have at least one thing which is an anchor, I regain visibility into their
2:10.9	malicious activity until the next time.
2:14.1	That's Tomer Barr, VP of Security Research at Safe Breach Labs.
2:18.7	The research we're discussing today is titled Prince of Persia,
2:22.2	a decade of Iranian nation-state APT campaign activity under the microscope.
2:34.1	Well, tell us about this threat group.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.