Unit 42's Iran Threat Brief: What We're Seeing [Threat Vector]

CyberWire Daily

N2K Networks, Inc.

Tech News, News, Daily News, Technology

4.8 • 1.1K Ratings

🗓️ 5 March 2026

⏱️ 32 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it? In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders. You'll learn: - What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified - Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious - What dispersed operators and proxy groups mean for organizations far outside the Middle East - Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented - How to handle hacktivist claims that may be exaggerated or false Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team. Read the threat brief from Unit 42: - Escalation of Cyber Risk Related to Iran (March 2026) - Escalation of Cyber Risk Related to Iran (June 2025) This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board. Related Episodes: - Inside the Mind of State-Sponsored Cyberattackers - Frenemies With Benefits - From Policy to Cyber Interference #Cybersecurity #ThreatIntelligence About Threat Vector Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile.⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠http://paloaltonetworks.com.⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the Cyberwire Network, powered by N2K.
0:12.1	Most important thing to remember today is verify claims, they educate it, do the basics.
0:19.0	I'm David Moulton, and this is ThreatBector.
0:21.6	Today I'm speaking with Justin Moore and Andy Piazza from Unit 42.
0:25.7	Unif42 has published a threat brief on Iran-linked cyberactivity,
0:30.4	and these two are walking me through what the team is actually observing,
0:35.1	which groups are active and what defenders should be doing.
0:53.3	Justin Andy, welcome to ThreatVector. Really glad to have you both here today.
0:58.3	Thanks for having me, David.
0:59.9	Yeah, thanks for the break and the chaos. This is a good slowdown to have this conversation.
1:04.8	I know it's been a busy day for you today. I appreciate you give me a few minutes to walk through the threat brief.
1:09.7	Tell me what it's been like inside of Unit 42, Threaten Intelligence, the last few days.
1:16.2	Chaotic, busy.
1:18.2	A lot of typing and a lot of collaboration, a lot of communication,
1:22.4	trying to keep abreast of everything that's going on,
1:25.8	making sure that we're doing everything we can to protect our customers customers and that we know everything that's happening that we can say ahead
1:31.4	of. So keeping us up late at night and early in the morning. Yeah, piggyback off that. I think
1:37.7	Justin and I both being former ops folks, we thrive in chaos. So it's kind of been our sweet spot.
1:43.0	A lot of coordination. We call it
1:45.3	internally, we call this a rapid response. And I think every time we do one of these within the
1:49.4	organization, it gives us a really good opportunity to collaborate and work with some really,
1:54.1	really smart peers across the company, right? Product side and services side. So despite the
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.