🔴 HIGH intel

UNK_SmudgedSerpent - Iranian Phishing Targets Policy Experts

Proofpoint attributes a phishing campaign to UNK_SmudgedSerpent targeting academics and policy experts via Iranian-themed lures (T1566, T1078). Attackers impersonate think-tank figures and use fake Microsoft login pages for credential theft.

🎯 CORTEX Protocol Intelligence Assessment

Business Impact: Exposes sensitive research communications.

Technical Context: Combines phishing, valid account reuse, and remote tools like PDQ Connect and ISL Online (T1566, T1078, T1133, T1105).

Strategic Intelligence Guidance

  • Enforce MFA on all mail and collaboration accounts.
  • Restrict RMM tool usage.
  • Deploy DMARC/SPF/DKIM policies.
  • Run targeted phishing simulations for staff.

Vendors

Proofpoint, Microsoft

Threats

UNK_SmudgedSerpent

Targets

academics, foreign policy experts