Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout

SafeBreach Labs uncovered that the Iranian state-sponsored "Prince of Persia" threat actor rapidly evolved its tactics—leveraging new malware, attack vectors, and Telegram-based C2—while attempts to cover tracks and operational pauses during Iran’s internet blackout provided definitive proof of direct regime control and enabled researchers to predict the group’s actions.