Axios Future of Cybersecurity

March 31, 2026
Happy Tuesday! Welcome back to Future of Cybersecurity.
Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1,490 words, a 5.5-minute read.
1 big thing: Iranian government's cyber warfare gets personal
Iranian hackers are now taking their psychological warfare tactics directly to government officials and employees at major companies.
Why it matters: Even unproven threats from Iranian hackers can create fear, uncertainty and doubt — draining attention and forcing targets to divert time and resources from their own operations.
Driving the news: In the last week, Iran-linked hackers paired two data leaks with intimidation tactics aimed at individuals.
- Handala Hack Team — a pro-Iran hacktivist group linked to Iran's intelligence services — leaked a trove of emails on Friday purportedly from FBI Director Kash Patel's personal Gmail.
- The group also released data earlier last week allegedly tied to U.S.- and Israel-based Lockheed Martin employees and claimed it had called workers to share personal details about their families, children and current locations.
Yes, but: The Lockheed Martin claims remain unverified.
- A separate pro-Iran group previously claimed it had breached the defense contractor. A Lockheed Martin spokesperson told Axios at the time the company was "aware of the reports" and "remains confident in the integrity of our robust, multi-layered information systems and data security."
- A Wired reporter found that many of the phone numbers tied to Israel-based Lockheed Martin employees weren't working.
Threat level: Targeting individuals, rather than corporate networks, marks a more aggressive and intimidating turn in Iran's cyber playbook, aimed at eroding trust and shaping public perception during the current conflict.
- The initial cache of Patel's stolen emails dates between 2010 and 2019 and includes only seemingly innocuous items like travel receipts and family and vacation photos, according to an Axios review of the documents.
- But digital sleuths have already used those crumbs — including just his Gmail address — to map parts of his online life, surfacing old Google reviews and other accounts.
Between the lines: Even recycled or low-value data can force costly investigations and response efforts. And that tactic doesn't require new hacks to be effective.
- The campaigns can also pressure key supporters of the U.S. and Israel to reconsider their backing if the threats escalate, Jake Williams, an IANS faculty member and a former NSA hacker, told Axios.
- "Part of it has to be that it's consuming resources," Williams said. "A month from now, I can leak exactly the same emails, claim they're brand new and consume hundreds of person hours at the FBI."
The intrigue: Earlier this month, the U.S. government accused Iran's Ministry of Intelligence and Security of operating Handala, which also claimed responsibility for a cyberattack on U.S. medical tech giant Stryker.
- The Iranian government also breached Patel's communications in late 2024, according to CNN.
What to watch: Whether Handala releases more recent emails — and whether similar tactics spread to other officials or defense industry employees.
2. Russians suspected of using iPhone spyware
Suspected Russia-linked hackers targeted journalists and researchers with phishing emails impersonating the Atlantic Council in an apparent attempt to deploy a commercial spyware tool, researchers said Friday.
Why it matters: The campaign marks the first time this Russia-linked group has been observed targeting iOS devices — a notable expansion in capability driven by the growing availability of off-the-shelf mobile spyware.
Driving the news: Earlier this month, researchers at Google, iVerify and Lookout warned about DarkSword, spyware that can infect outdated iPhones simply by visiting a malicious website — no user interaction required.
- Days later, a newer version of DarkSword was leaked on GitHub, TechCrunch reported, making the tool widely accessible to other threat actors.
Threat level: The latest campaign appears to be the first known real-world use of that leaked version.
Zoom in: On Friday, a handful of Europe-based journalists and researchers said they had received an email pretending to be from Atlantic Council CEO Frederick Kempe.
- The messages invited recipients to a "closed-door strategic discussion" on European security amid "evolving geopolitical dynamics."
- The emails contained a link that, if opened on vulnerable devices, could have triggered the spyware infection.
Reality check: "The emails are not authentic," the Atlantic Council said in a statement Friday. "We encourage those who have received these emails to report them to relevant authorities."
The intrigue: Proofpoint assessed with "high confidence" that TA446, a group linked to Russia's Federal Security Service, was behind the campaign, likely for credential harvesting and intelligence collection.
- The firm also said the group's activity has spiked in recent weeks, with phishing volume "significantly higher" than normal.
What to watch: The public release of tools like DarkSword lowers the barrier to entry for sophisticated mobile attacks and could accelerate their spread beyond traditional intelligence targets.
3. Google shortens countdown to "Q-Day"
Google warned last week that it now expects quantum computing to be a reality by 2029 — accelerating its timeline amid advances in hardware and key algorithms.
Why it matters: The new three-year countdown sets up a scramble for security leaders, who must replace encryption standards that quantum machines could eventually break.
Driving the news: In a blog post Wednesday, Google said companies now have until 2029 to migrate to post-quantum cryptography.
- The company pointed to advances in quantum chips, improvements in error-correction algorithms, and declining costs.
The big picture: Cybersecurity experts and national security officials have long estimated the world had until at least 2030 to prepare sensitive systems and data for a quantum era.
- While much about quantum's capabilities remains uncertain, one major concern is that it could break today's government-grade encryption and expose highly sensitive information.
- Experts also warn that Chinese intelligence services may already be harvesting encrypted U.S. government and corporate data to decrypt later with quantum systems.
Between the lines: Cybersecurity vendors have ramped up warnings about quantum risks in recent months, rolling out new products and hosting dedicated summits.
The intrigue: Dena Bauckman, head of product management and product marketing operations at Sectigo, said more companies are starting to prepare for "Q-Day" — driven in part by lessons from the sudden rise of generative AI.
- "I wonder if companies are looking at how AI has hit them ... and if they're now going, 'Quantum is going to be like that,'" she said.
What to watch: Google is moving to meet its own deadline, and the company said it is now taking steps to implement post-quantum cryptography across Android devices.
4. Agentic AI talk dominates RSAC
If you are tired of hearing about agentic AI, the RSAC Conference in San Francisco was not the place to be last week.
The big picture: Companies young and old worked hard to sport an agentic angle at the world's largest cybersecurity conference.
Zoom in: From months-old startups to those founded well before the AI revolution — like 1Password, Mimecast and Proofpoint — everyone focused on explaining what their products do to help protect agentic AI.
- In some cases, that was nothing more than agentic wrapping around a previous product, but most agreed that the need for security is real.
State of play: Perhaps the most important area of that is being able to secure the identities of nonhumans and agents, just like a network has to identify us humans.
- Money has poured into securing agents, and even some mergers and acquisitions have occurred, but it is getting hard even for investors to see the forest for the trees with so much agentic talk.
What they're saying: "There's a little noise and confusion," says Alex Doll, founder of cyber specialist firm Ten Eleven Ventures.
- "It's never been more important to understand tech as an investor."
5. Catch up quick
@ D.C.
The Federal Communications Commission has banned the import of new foreign-made, consumer-grade routers over national security concerns. (PCMag)
President Donald Trump is calling for a clean 18-month extension of Section 702 of the Foreign Intelligence Surveillance Act, which is set to expire April 20. (The Hill)
The European Commission is investigating a cyberattack on its websites that may have resulted in data theft. (Politico)
@ Industry
Anthropic accidentally leaked details about its unreleased model, which the company says show significant advancements in its cybersecurity capabilities over previous models. (Fortune)
Top AI and government leaders are warning that the forthcoming new models from Anthropic, OpenAI and other tech giants could be capable of the catastrophic cyberattack they've long feared. (Axios)
@ Hackers and hacks
Hackers have compromised an account belonging to a maintainer for a major open-source package that's downloaded around 400 million times a month, and they've already published two malware-laced versions of the package. (BleepingComputer)
Russian authorities arrested the suspected administrator of LeakBase, a major online marketplace for stolen data. (The Record)
The U.K. government has sanctioned Xinbi Guarantee, an online black marketplace that uses channels and accounts on Telegram to conduct $20 billion in cryptocurrency transactions. (Wired)
6. 1 fun thing
I highly recommend escaping to the woods for a weekend to recharge!
See y'all next week!
Thanks to Dave Lawler for editing and Khalid Adad for copy editing this newsletter.

Decode the cyber challenges reshaping business, government and geopolitics. With Sam Sabin.






