Iranian APT surge. ThreatRespond free for partners. See if you qualify.
Active threat advisory · 2026

The Lion Surge.

IRGC-affiliated advanced persistent threat actors, including MuddyWater, APT33, APT34, APT42 and Charming Kitten, are actively targeting US critical infrastructure, financial systems and the MSPs defending them. Vijilan is responding with free active remediation for qualifying partners.

The initiative

We mapped the threat. Now we're eliminating it.

Active until US victory, then 90 days more. Operation Lion Surge remains fully active until the United States officially declares victory in its conflict with the Islamic Republic of Iran. Vijilan will then honor every partner with an additional 90-day coverage extension at no cost, ensuring no organization is left exposed during the post-conflict transition window when residual Iranian threat-actor cells may still be operational.

Vijilan Founder KayVon Nejad's published research documented how Iran constructed one of the world's most weaponized cyber ecosystems: Huawei deep packet inspection (DPI) systems, ZTE nationwide interception platforms, IRGC-affiliated integrators such as Khatam al-Anbiya and SAIRAN, and Russian-origin endpoint tools embedded throughout their national infrastructure.

As that regime collapses, its advanced persistent threat (APT) actors, hacktivist proxy networks and cyber militia units do not stand down. CISA, NSA, FBI and Palo Alto Unit 42 have all issued advisories documenting the surge in outward Iranian cyber aggression since February 2026. Operation Lion Surge is Vijilan's direct response.

What you receive

Enterprise-grade active remediation. At no cost.

Breaches stopped before they spread

Threats are contained and eliminated before your client ever knows there was an incident. Your reputation stays intact.

Ransomware never reaches deployment

Iranian APT actors are cut off mid-chain: before encryption, before data exfiltration, before business disruption begins.

Stolen identities go nowhere

Compromised accounts are rendered useless in minutes. Credential-based lateral movement, Iran's most common attack vector, is dead on arrival.

Your attack surface shrinks continuously

Unpatched vulnerabilities, misconfigurations and exposed assets are identified and prioritized before adversaries can exploit them.

Audit-ready incident records, always

Every response action is documented, timestamped and ready for compliance, cyber-insurance claims or executive reporting.

No gap in coverage, ever

Iranian threat actors hit hardest at night, on weekends and during holidays. Vijilan's SOC operates around the clock so your clients are never unguarded.

IRGC & MOIS

The threat actors targeting your clients right now.

Iran's offensive cyber operations are executed by two primary intelligence organs: the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS). Each controls multiple APT groups deploying sophisticated TTPs, including spear-phishing, credential harvesting, living-off-the-land binaries, destructive wiper malware and ransomware-as-a-service.

State-deputized hacktivist group

Handala Hack

MOIS-linked. Blends data exfiltration with ICS targeting. Reduced public activity since Jan 2026, which historically signals active operations underway.

State-deputized hacktivist group

Emennet Pasargad

Cotton Sandstorm / Haywire Kitten. IRGC-linked. Cyber-enabled influence operations against US, Israel, France and Sweden. Expanding scope in 2026.

State-deputized hacktivist group

DieNet

Pro-Iranian DDoS collective. Claimed responsibility for attacks on US energy, financial, healthcare and government systems following US military strikes.

State-deputized hacktivist group

Cyber Islamic Resistance (313 Team)

IRGC-affiliated cell active in the Electronic Operations Room formed Feb 28, 2026. Targeting Gulf-state and Western government infrastructure.

Activation in 4 steps.

  1. Apply as a partner

    Complete Vijilan's MSP/MSSP partner application. Existing partners proceed directly to Step 3.

  2. Fast-track approval

    Operation Lion Surge applicants receive expedited vetting. Critical-sector partners prioritized.

  3. Your clients get covered

    Vijilan's team onboards eligible client environments fast: full protection active within days, not months.

  4. SOC goes live

    Vijilan's global 24/7 SOC assumes active monitoring, detection and hands-on remediation.

Regional Lion Surge coverage

Vijilan operates the same SOC and the same response capability worldwide, with documentation aligned to each region's compliance framework.

A compromised infrastructure means a compromised future.

Operation Lion Surge is active now. Every day without coverage is a day Iranian APT actors can move freely through your clients' networks. The offer costs nothing. The risk of waiting does.

SOC 2 Type 2 · ISO 27001 · No minimums · White-label ready