
ONE Sentinel


Infy Hackers Resume Operations with New C2 Servers After Iran Internet Blackout Ends

Source: The Hacker News
Date: February 5, 2026

EXECUTIVE SUMMARY

Infy Hackers Evolve Tactics with New C2 Servers Post-Iran Blackout

Summary

The Iranian threat group Infy, also known as Prince of Persia, has resumed operations with new command-and-control (C2) servers following an internet blackout in Iran. The group has evolved its tactics to better conceal its activities.

Key Points

  • Infy is an Iranian threat group also known as Prince of Persia.
  • The group halted its C2 server operations on January 8, 2026.
  • New C2 infrastructure was established after the end of an internet blackout in Iran.
  • Infy has evolved its tactics to hide its tracks more effectively.

Analysis

The resumption of Infy's operations with new C2 servers highlights the group's adaptability and persistence in the face of internet restrictions. This development underscores the ongoing threat posed by state-affiliated cyber actors who continuously refine their methods to evade detection and maintain operational capabilities.

Conclusion

IT professionals should monitor for indicators of compromise related to Infy's activities and ensure that their network defenses are updated to detect and mitigate potential threats from this group.