According to the Japan Times, Mitsubishi Electric has disclosed that Chinese actors hit the company with a "massive" cyber attack last year. In addition to personal information on some eight thousand individuals, attackers may have obtained "email exchanges with the Defense Ministry and Nuclear Regulation Authority, as well as documents related to projects with firms including utilities, railways, automakers and other firms."
Cisco's Talos unit has described "JhoneRAT," a remote access Trojan currently active against Arabic-speaking targets in Saudi Arabia, Iraq, Egypt, Libya, Algeria, Morocco, Tunisia, Oman, Yemen, Syria, UAE, Kuwait, Bahrain and Lebanon. It's custom code, not a commodity attack tool, and its use seems to be part of an espionage campaign.
CISA Director Krebs is quoted in Fifth Domain to the effect that the threat of a retaliatory Iranian cyberattack was diminishing over time, but the US Federal Deposit Insurance Corporation has warned the more than five thousand banks and financial services institutions it supervises that they should be on heightened alert for cyberattacks.
While Iran may not, as the Verdict argues, rush into attacks on US infrastructure, it's nonetheless worth reviewing Iranian capabilities. APTs 33 (Elfin), 34 (OilRig), 35 (Charming Kitten), and 39 all have well-established track records, and, as IntSights explains in this context, there's also an active hacktivist community more or less aligned with Tehran's goals.
Thinking of filing a claim in the Equifax breach settlement? The deadline is tomorrow.