Iranian hacking group APT42 has been conducting a sophisticated campaign against senior defense and government officials, using social engineering tactics and even targeting their families to apply pressure. The malware they deploy operates stealthily, blending with normal activity and employing various techniques to maintain persistence and exfiltrate sensitive data.

Profero successfully decrypted DarkBit ransomware, enabling recovery of a victim's files without ransom payment. The attack, linked to Iranian state-sponsored actors, involved a unique encryption method that Profero exploited, ultimately leading to significant data recovery due to the sparse nature of the affected VMware ESXi server files. Profero is offering assistance to future victims but will not publicly release the decryptor.