Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Question

In the wake of Operation Epic Fury, digital attacks have shifted from quiet espionage to a loud, coordinated campaign of economic and physical retaliation. In response, the Tenable Research Special Operations (RSO) team is examining the latest threats and cyber operations linked to Iranian threat actors.
Recently Ministry of Intelligence and Security (MOIS) affiliated groups have significantly escalated their operations, shifting from espionage to disruptive and destructive campaigns. MuddyWater and the Void Manticore persona known as Handala are two groups which have seen an increased level of malicious activity surrounding the recent military operations in Iran.&nbsp;
For more information about this threat activity, including the availability of patches for the CVEs covered in our analysis as well as Tenable product coverage, please visit our blog.

ggottlieb · Answer

Is there a way to see the full list of 136 CVE that CISA shared as being used by threat actors?

scaveza · Answer

CISA has provided several cybersecurity advisories in recent years covering threat actors aligned with Iran and several of these publications do include lists of CVEs known to have been abused. One recommendation of material publicly available from CISA is:
https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran

Vulnerability Watch

Forum Discussion

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

2 Replies

Recent Discussions

CVE-2026-35616: Fortinet FortiClientEMS zero-day vulnerability exploited in the wild

FAQ on the Axios npm Supply Chain Attack by North Korea-Nexus Threat Actor UNC1069

CVE-2026-21992: Critical Oracle Fusion Middleware Vulnerability Out-of-Band Security Alert

Cyber Retaliation: Analyzing Iranian Cyber Activity Following Operation Epic Fury

Microsoft’s March 2026 Patch Tuesday Addresses 83 CVEs

Americas

Europe

Asia / Australia