Iran-linked botnet exposed after open directory leak revealed relay nodes, SSH scripts, and active C2 work

A suspected Iran-linked botnet operation was exposed after researchers found an open directory on an Iranian-hosted server that contained the actor’s working files, deployment scripts, DDoS tools, and an in-development bot client. Hunt.io said it discovered the exposed server on February 24, 2026 and later published its findings on March 17, describing the leak as […] The post Iran-linked botnet exposed after open directory leak revealed relay nodes, SSH scripts, and active C2 work appeared first on VPN Central.