ACCORDING to Resecurity, a group called Nasir Security, believed to be linked to Iran, is targeting energy organisations in the Middle East, focusing on the Gulf region. The threat actors are said to have attacked supply chain vendors involved in engineering, safety and construction, with data stolen from these vendors including schemes, contracts and risk assessment reports.
Targets named by Resecurity include Dubai Petroleum (UAE), CC Energy Development (Oman), an Iraq-based oil and gas organisation, and Al-Safi Oil Company (PURE IN), which operates gas stations in Saudi Arabia and other areas. The group is described as using business email compromise via targeted spear phishing, impersonation, and exploiting public-facing applications, exfiltrating data from insecure cloud storage services, as part a combined supply chain and disinformation campaign.
Resecurity notes a pause in activity since October 2025 and urges caution in attribution, warning of potential false flags and psy ops during ongoing regional tensions. The article highlights that the IT and OT supply chain could be a high-priority target for Iran to demonstrate measurable impact amid the war.