Recent findings reveal that the Iranian hacking group known as Infy, also referred to as the Prince of Persia, remains active with an alarming scale of operations, which experts did not anticipate. According to Tomer Bar, vice president of security research at SafeBreach, the group has been involved in sophisticated campaigns targeting high-value individuals, including dissidents and academics, across several countries.
Infy's activities have been documented since December 2004, making it one of the oldest advanced persistent threat (APT) actors. Unlike other Iranian hacking groups that focus on large-scale espionage, Infy employs a more targeted approach, using malware such as Foudre and Tonnerre to extract sensitive information. Recent updates to these tools have been identified, with the latest version of Tonnerre detected in September 2025.
The group's operations have spanned multiple regions, including Iran, Iraq, Turkey, India, and Canada, alongside various European nations. SafeBreach's analysis indicates a shift in their attack methodology, moving from embedding malicious macros in Excel files to directly installing Foudre through executables within documents.