Research & news
Dream researchers push technology to its furthest edge, building and testing breakthrough capabilities, from artificial intelligence and advanced threat hunting to malware reverse engineering, and vulnerability research in existing and emerging attack surfaces.
Operating at the frontier of cyber and artificial intelligence research, we turn bold ideas into working innovation that strengthens how nations anticipate, understand, and neutralize the most complex threats.
This report links nine coordinated phishing campaigns from 2025 to the Iranian APT group MuddyWater, revealing a single, consistent operational footprint across attacks targeting governments and diplomatic sectors worldwide. Through analysis of shared C2 behavior, VBS loaders, and repeated staging logic, the investigation connects previously isolated incidents into one unified espionage effort marked by infrastructure reuse and stable TTPs.
In August 2025, Dream uncovered a large-scale Iran-nexus spear-phishing campaign that used a compromised Omani MFA mailbox to target governments worldwide. Attributed to the MOIS-aligned Homeland Justice group, the operation deployed malicious diplomatic-themed emails containing macro-encoded payloads. Analysis revealed a far broader campaign than initially believed, using 104 compromised accounts across 270 emails to disguise attribution and infiltrate embassies, consulates, and international organizations by highlighting a coordinated regional espionage effort amid heightened geopolitical tensions.
Dream is launching its AI Cyber Factory, built on the NVIDIA Enterprise AI Factory validated design and powered by NVIDIA NIM microservices, to deliver adaptive, secure, and autonomous cyber defense for national infrastructure. Unlike traditional tools that provide fragmented visibility and manual workflows, Dream’s platform continuously monitors, interprets, and responds to cyber signals in real time.