New Threat Research: Uncovering Adversarial LDAP Tradecraft

Read Threat Research


IP Addresses From Iran Target Texas

Unknown Actors Supporting Iran: According to Texas officials, they have been combating approximately 10,000 cyber-attacks per minute coming from IP addresses in the region around Iran. The spike occurred in the past few days, and the attacks are on the Texas Department of Information Resources. Texas officials stated that there was no way to tell who was behind the attack and that they expect attacks to continue for the next few days. Also, in Texas, the Texas Department of Agriculture website was defaced with a picture of Soleimani by an attacker that has been seen before. Stating “HACKED BY IRANIAN HACKER HACKED BY SHEILD IRAN x #theloserteam,” the same sort of message has been seen in the past few years and is presumed to be the same person or group carrying out the attack. The same attack also happened to the Alabama Veterans Websites.

Analyst Recommendation: Attacks such as website defacements are typically carried out by threat actors that do not have the necessary skills to perform more destructive attacks. In this case, the attacker behind the website defacements has been seen before spreading pro-Iranian propaganda. This attacker has never been linked to the Iranian government before and seems to be someone or a group that supports Iran. Attacks like the ones that Texas is thwarting occur every day, and just because they are coming from the region does not mean that they are all trying to breach the website on behalf of Iran. Many other threat actors could be using the situation between the United States and Iran to cover themselves when trying to carry out attacks following their own agenda. Making sure all systems are secure and up to date will make it harder for these attacks to be successful. Using a service to monitor networks and endpoints will help detect abnormal behavior and stop an attack or intrusion from a threat actor before they have full control or access to a network or machine.  

  For information on the multiple cyber-attacks in Texas read here:, and the defacements here: