Code Blue indicate - Emerging Cyber Threat Landscape: Iran Expands Cyber Strategy with "Wiper-as-a-Service" Model
TEL AVIV, Israel, April 1, 2026 /CNW/ -- Recent investigations by Code Blue Ltd indicate a shift in Iran's cyber operations from the Ransomware-as-a-Service (RaaS) model to a more destructive approach: Wiper-as-a-Service. This reflects a broader strategy of distributing state-level capabilities to proxy actors, increasing both the scale and impact of attacks.
Findings from multiple investigations by Code Blue show similar tools used across different threat groups, suggesting that Iran's Ministry of Intelligence (MOIS) is enabling widespread access to advanced capabilities. For the first time, destructive wiper tools, previously associated with state actors - are now being used by proxy groups, pointing to a decentralized and scalable attack model.
At the same time, a clear division of labor is emerging, where one actor gains initial access and another carries out the destructive phase. This modular structure significantly reduces time-to-impact and reflects a coordinated operational approach.
Iran is expanding its reliance on proxy groups such as Anonymous for Justice, Handala, and Moses Staff, creating a distributed network of cyber actors. This shift may be driven in part by infrastructure constraints, alongside a growing adoption of cybercrime tools and operating models to accelerate activity.
We assess that this model will continue to expand, with more actors gaining access to advanced capabilities and a rise in attack volumes across Israel, North America, Europe, and the Middle East. The primary risk is no longer limited to data theft, but includes direct disruption to operations, systems, and business continuity.
Organizations should prepare for a new phase in cyber threats defined by speed, decentralization, and destructive impact.
About Code Blue
Code Blue is a cyber crisis management company behind Blue Castle, an AI–driven platform that helps organizations prepare for, manage, and recover from high–impact cyber incidents that escalate into business–critical events. Led by experienced practitioners, Code Blue delivers end–to–end cyber crisis management, combining proven methodologies with multidisciplinary expertise to support leadership–level decision–making under pressure. Blue Castle enables continuous readiness and provides real–time, structured decision support during critical cyber events.
For additional information, visit: https://codebluecyber.com/ or visit our LinkedIn Channel.
Contact:
Anna Plot
[email protected]
Logo - https://mma.prnewswire.com/media/2842613/5665145/Code_Blue_logo.jpg
SOURCE Code Blue
Share this article