×

Iran-Linked Hackers Target Aviation Sector with Fake Job Offers

Cybersecurity researchers have uncovered a campaign by Iranian-linked hackers posing as job recruiters to target software engineers in the aviation sector. This operation, which also affected a US oil and gas company, utilized fake job postings and malicious video conferencing tools. Experts believe that the aviation and energy sectors were chosen to potentially monitor flight operations and assess US energy responses during ongoing conflicts. While no successful breaches have been confirmed in these sectors, the threat remains significant as US officials continue to monitor Iranian cyber activities. Jeffrey Troy from the Aviation Information Sharing and Analysis Center noted that such attacks were anticipated due to the current geopolitical tensions.
By Narendra Chaudhary May 23, 2026, 04:47 IST

Cybersecurity Threats from Iran-Linked Hackers

Cybersecurity experts have revealed that hackers associated with Iran have been masquerading as job recruiters, creating fictitious employment opportunities aimed at software engineers in the aviation industry amid the ongoing conflict between the US and Israel and Iran. According to findings from Palo Alto Networks’ Unit 42, this campaign also targeted a US oil and gas firm, as well as entities in Israel and the UAE. The operation utilized deceptive job advertisements and video conferencing tools embedded with harmful code. In one case, the hackers posed as a US airline, promoting a position for a “senior software engineer.” The job listing appeared to be generated by artificial intelligence and included typical corporate jargon about “collaborating with cross-functional teams.”


Aviation and Energy Sectors Under Threat

Researchers indicated that the aviation and energy sectors were specifically targeted because infiltrating these industries could enable Iran to track flight manifests in the Middle East or gain insights into how US energy firms are navigating the fluctuating oil markets during the conflict. While Unit 42 researchers do not believe that the hackers successfully breached the aviation or oil companies in question, they suspect that other organizations involved in the broader campaign may have been compromised. This hacking activity coincides with ongoing vigilance from US officials regarding potential Iranian cyber threats to American infrastructure. Previous reports have suggested that Iranian hackers might be linked to a series of breaches affecting gas station tank readers in the US. Jeffrey Troy, president of the Aviation Information Sharing and Analysis Center, remarked that such Iranian operations were anticipated. “We have been expecting attacks as a consequence of the war,” Troy stated. Researchers noted that the Iranian hacking group has shown “no signs of slowing down” despite Israeli airstrikes in March that reportedly targeted Iran’s cyber warfare facilities.