Cybersecurity researchers have uncovered a sophisticated malware campaign targeting supporters of protests in Iran, raising fresh concerns about digital espionage as tensions between Washington and Tehran continue to simmer.
The malware, dubbed “Crescent Harvest,” was identified by cybersecurity firm Acronis during routine threat-hunting operations earlier this year. Investigators say the campaign is carefully designed to exploit trust among activists, journalists and members of the Iranian diaspora seeking updates about unrest inside the country.
According to Acronis researchers, attackers are using long-term social-engineering tactics — building online relationships with sympathetic individuals before sending files disguised as protest materials. These archives appear to contain photos, videos and Farsi-language reports on developments in Iranian cities. Hidden inside, however, is malware capable of stealing passwords and granting remote access to infected devices.
Experts warn that once installed, the malicious software is difficult to remove and can quickly reconnect with attackers when a device goes back online. The campaign is believed to focus on long-term surveillance and information theft, particularly targeting computers used by activists, dissidents and media professionals.
Acronis noted that the malware is distributed via email, text messages and chat platforms, and its heavy use of Farsi suggests links to actors sympathetic to the Iranian regime. Security specialists are urging users to remain vigilant, avoid opening unsolicited files and keep cybersecurity protections fully updated.
The discovery comes as Iran’s cyber capabilities continue to draw international scrutiny. Following recent regional tensions, the United States Department of Homeland Security warned that cyber retaliation remains a possible threat. A 2025 report by Microsoft found that Iran-linked cyber actors frequently target countries including Israel, the US, the UAE and India. Officials from the Federal Bureau of Investigation have previously cautioned that a major state-backed cyber attack could carry serious geopolitical consequences.
For Gulf audiences, the campaign highlights the growing importance of cyber awareness as regional actors and global tensions increasingly intersect in the digital space.
