On June 12th and 13th, 2025, Israel conducted preemptive strikes against Iran, targeting military sites, a uranium enrichment facility, nuclear research centers, military bases, and other targets. The initial attack resulted in the death of high-ranking Iranian military and Islamic Revolutionary Guard Corps (IRGC) members. This military engagement is tracked under the name Operation Rising Lion; the reported goal is degrading Iran’s nuclear capabilities.
eSentire assesses with medium confidence that a portion of Iran’s response to this operation will include cyberattacks. Future Iranian cyberattacks may impact both private and government organizations in Israel and allied countries. Israel and its allies also face an increased risk of targeting by pro-Iranian hacktivist groups, although these attacks will likely be less impactful than the state response.
Organizations with operations in or affiliations to Israel are strongly encouraged to review and implement the recommended security measures outlined below.
The Iranian government may view cyberattacks as a viable response to the recent kinetic attacks by Israel. While the primary target of activity is expected to be Israel, US awareness/encouragement of the operation, and past US military support of Israel, increase the likelihood of attacks against US organizations. Cyberattacks are less resource intensive to conduct than physical attacks and may still have a widespread impact. Additionally, attribution for cyberattacks is a difficult process; as such, Iranian APTs may impersonate other threat actors to establish plausible deniability. This would allow Iran to respond without directly raising tensions in the region. The goals of new attacks would likely include data theft for espionage purposes and, potentially, the deployment of destructive wiper malware.
Iranian state-sponsored threat actors, such as MuddyWater (Mercury Sandstorm), APT33 (Peach Sandstorm), APT34 (OilRig, Hazel Sandstorm), APT35 (Charming Kitten, Mint Sandstorm), APT39 (Remix Kitten), APT42, Silent Librarian, and Pioneer Kitten, have a long history of targeting both Israel and Western organizations. Past targets of Iranian APTs include critical infrastructure such as energy and water & wastewater, as well as the government, telecommunication, education, healthcare, defense, finance, and aerospace sectors.
eSentire is aware of reports that Iranian threat actors employ a variety of means to gain initial access to victim organizations. These include, but are not limited to, phishing and other social engineering-based vectors, brute-force attacks, and the exploitation of vulnerabilities in Internet-facing assets.
In July 2022, an Iranian group operating under the name “HomeLand Justice” deployed wiper malware disguised as ransomware against Albania. In both 2023 and 2024, threat actors associated with the IRGC targeted water and wastewater treatment facilities in North America and Israel with disruptive attacks. Additionally, in 2024, CISA reported that Iran-based threat actors were identified supporting financially motivated ransomware attacks against organizations located in the US.
Hacktivist activity following Israel’s attack is also possible. Hacktivist activity is less sophisticated than attacks carried out by APT groups but may still be impactful. These attacks may include website defacements, hack-and-leak operations, and the deployment of ransomware or wiper malware.
For more information on Iranian APT activity, as well as recommendations, see CISA’s Iran Cyber Threat Overview and Advisories.
References:
[1] https://www.reuters.com/world/us/trump-said-us-was-aware-israels-plans-attack-iran-wsj-reports-2025-06-13/
[2] https://attack.mitre.org/groups/G0069/
[3] https://attack.mitre.org/groups/G0064/
[4] https://attack.mitre.org/groups/G0049/
[5] https://attack.mitre.org/groups/G0059/
[6] https://attack.mitre.org/groups/G0087/
[7] https://attack.mitre.org/groups/G1044/
[8] https://attack.mitre.org/groups/G0122/
[9] https://us-cert.cisa.gov/ncas/alerts/aa20-259a
[10] https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-264a
[11] https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-335a
[12] https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
[13] https://www.cisa.gov/topics/cyber-threats-and-advisories/advanced-persistent-threats/iran