Buy or Renew

Threat Vector | Unit 42's Iran Threat Brief: What We're Seeing

Threat Vector Template.jpg

Unit 42 is tracking more than 60 active hacktivist groups and Iran-linked threat actors right now. What are they actually doing, what should you believe, and what should you do about it?

In this episode of Threat Vector, David Moulton sits down with Justin Moore, Senior Manager of Threat Intelligence Research at Unit 42, and Andy Piazza, Senior Director of Threat Intelligence at Unit 42, to walk through the Unit 42 Iran Threat Brief and what the observed activity means for defenders.

You'll learn:

What Unit 42 is actually observing from groups like Handala Hack, FAD Team, and Dark Storm, and what claims remain unverified
Why Iran's reduced internet connectivity changes the threat picture in ways that aren't obvious
What dispersed operators and proxy groups mean for organizations far outside the Middle East
Which defensive actions matter most against the TTPs and IOCs Unit 42 has documented
How to handle hacktivist claims that may be exaggerated or false

Justin Moore brings nine years of intelligence officer experience plus senior threat intel roles at Mandiant, Google, and TikTok before joining Unit 42. Andy Piazza has more than 20 years in security operations and threat intelligence, including leading IBM X-Force's global threat intel team.

Read the threat brief from Unit 42:

Escalation of Cyber Risk Related to Iran (March 2026)
Escalation of Cyber Risk Related to Iran (June 2025)

This episode is essential listening if you're: a CISO assessing current exposure, a threat analyst tracking Iran-linked groups, or a security leader who needs to explain the actual observed risk to your board.

Related Episodes:

Join the conversation on our social media channels: