Boggy Serpens Threat Assessment
Essential information
- Published: 17/03/2026 09:13
- Modified: 17/03/2026 10:46
- Tags: 2026-03-17 ai-enhanced malware blackbeard critical-infrastructure cyberespionage energy ghostbackdoor iranian lamporat maritime nuso phoenix social engineering trusted relationship compromise udpgangster
- Related entities: 1 vulnerability (cve), 35 observables, 1 intrusion set (apt), 15 techniques (mitre), 6 malware, 18 others
Description
The Iranian threat group Boggy Serpens, linked to Iran's Ministry of Intelligence and Security, has refined its cyberespionage tactics to focus on trusted relationship compromises and multi-wave targeting of strategic organizations. The group combines social engineering with AI-enhanced malware for long-term persistence, primarily targeting diplomatic and critical infrastructure sectors. Recent campaigns show increased technical capability, including AI-generated code and Rust-based tools. Boggy Serpens uses hijacked accounts to bypass security measures and employs a secondary social engineering prompt to deliver malware. The group's persistence is exemplified by a sustained four-wave campaign against a UAE marine and energy company, demonstrating its focus on infiltrating regional maritime infrastructure.