Quarterly Threat Report: Iranian Cyber Threat Actor Groups – Q2 2025

UltraViolet Cyber

Iranian cyber operations continue to evolve, combining social engineering, credential harvesting, and cloud compromise techniques across multiple sectors.

UltraViolet Cyber’s Threat Intelligence & Detection Engineering (TIDE) team has compiled the latest insights on key actors, including APT42, APT33, APT34, and others, shaping Iran’s cyber capabilities.

This advisory provides security and IT leaders with a high-level view of how these groups operate, what they target, and how organizations can align defenses using current, intelligence-driven best practices.

Whether you’re responsible for protecting cloud infrastructure, sensitive data, or critical business operations, this report delivers the context and recommendations needed to support sound risk decisions.

Key Takeaways:

  • Detailed breakdown of Iranian threat actor groups and their capabilities
  • APT42 social engineering and credential harvesting TTPs
  • Recommendations for proactive defense across cloud, endpoints, and identity
  • Real-world attack vectors and mitigation strategies
  • Intelligence-driven defense strategies based on UV Cyber’s active threat tracking
