APT / THREAT GROUP
Iron
Aliases: 1
Intelligence Profile
It is currently unknown if Iron is indeed a new variant by the same creators of Maktub, or if it was simply inspired by the latter, by copying the design for the payment portal for example.
We know the Iron ransomware has mimicked at least three ransomware families:
Maktub (payment portal design)
DMA Locker (Iron Unlocker, decryption tool)
Satan (exclusion list)
Threat Analysis
Iron is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Iron
Identity Lifecycle Management Wasn't Built for AI Agents
The Hacker News · Jul 2, 2026
Hackers target Microsoft 365 accounts with 81 million login attempts
BleepingComputer · Jul 1, 2026
Microsoft 365 Hardening and Huntress Managed ISPM
Huntress Blog · Jun 30, 2026
'Djinn' Stealer Targets Cloud, AI Credentials
Dark Reading · Jun 29, 2026
Meeting Trump's 2030 Quantum Deadline Will be Expensive, Complex
Dark Reading · Jun 26, 2026
Guardian Agents: The Next Layer of Identity Governance
The Hacker News · Jun 26, 2026
Exclusive: Meet AIVEX, a New Triage Model Built to Reduce Supply Chain Threat and Risk
SecurityWeek · Jun 24, 2026
Using SASE in a Modern TIC 3.0 Solution
CISA Alerts · Jun 24, 2026
Quick Facts
Type: APT / Threat Group
Aliases: 1
Also Known As: Iron
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.