Infy is a threat actor attributed to IR, also known as Foudre, Prince of Persia, Operation Mermaid. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does Infy exploit?

Specific CVE exploitation data for Infy is being tracked. Check the Strobes VI threat actor profile for updates.

Infy

Also known as: Foudre, Prince of Persia, Operation Mermaid

Exploited CVEs

Overview

Infy is a group of suspected Iranian origin. Since early 2013, we have observed activity from a unique threat actor group, which we began to investigate based on increased activities against human right activists in the beginning of 2015. In line5with other research on the campaign, released prior to publication of this document, we have adopted the name “Infy”, which is based on labels used in the infrastructure and its two families of malware agents. Thanks to information we have been able to collect during the course of our research, such as characteristics of the group’s malware and development cycle, our research strongly supports the claim that the Infy group is of Iranian origin and potentially connected to the Iranian state. Amongst a backdrop of other incidents, Infy became one of the most frequently observed agents for attempted malware attacks against Iranian civil society beginning in late 2014, growing in use up to the February 2016 parliamentary election in Iran. After the conclusion of the parliamentary election, the rate of attempted intrusions and new compromises through the Infy agent slowed, but did not end. The trends witnessed in reports from recipients are reinforced through telemetry provided by design failures in more recent versions of the Infy malware.

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.