UniMac® A.I CyberSecurity Scoring
UniMac®
Company Information
Website:http://www.unimac.com
Employees number:20
Number of followers:4,259
NAICS:333
Industry Type:Machinery Manufacturing
Homepage:unimac.com
UniMac® Risk Score (AI oriented)
Between 700 and 749
UniMac®Machinery Manufacturing
Updated:
01/06/2026
01/06/2026
733/1000
Moderate
Ba
UniMac® Global Score (TPRM)
xxxx
UniMac®Machinery Manufacturing
Score locked

UniMac®Moderate
Current Score
733Ba (MODERATE)
01000
1 incidents
-12 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
733
JUNE 2026
733
MAY 2026
733
APRIL 2026
743
Cyber Attack
02 Apr 2026 • UniMac®
Vyncs and UNIMAC: Iran-Linked Hackers Destroy IT, Backups, and Recovery Systems in Cyberattack targeting Middle East
Iran-Linked Hackers Launch Destructive Cyber Campaign Targeting U.S. and Middle East Organizations
731
CRITICAL-12
UNIVYN1780316844
Iran-Linked Hackers Launch Destructive Cyber Campaign Targeting U.S. and Middle East Organizations
In a coordinated campaign of digital sabotage, Iran-linked hackers operating under the persona "Ababil of Minab" have executed a series of destructive attacks across the U.S. and Middle East, wiping IT systems, erasing backups, and crippling recovery infrastructure. The operation, active since late March and early April 2026, marks a shift from data theft to outright destruction, leaving victims with little means to restore operations.
The group first gained attention after breaching the Los Angeles County Metropolitan Transportation Authority (LA Metro), where attackers deleted virtual machines and disrupted the TAP Mobile App, preventing riders from loading fares. LA Metro confirmed the breach on April 2, 2026, hours after the attack. Additional victims include the South Florida Regional Transportation Authority, UNIMAC, and Vyncs, a consumer GPS tracking service. Targets also extended to Israel and Turkey, spanning media, higher education, and insurance sectors.
Forensic analysis by Gambit Security links the campaign to Black Shadow, a group previously attributed to Iran’s Ministry of Intelligence and Security by the Israel National Cyber Directorate. Unlike typical hacktivist claims, this operation was highly methodical, combining automated scripts with hands-on keyboard techniques to ensure irreversible damage.
Attackers employed custom destruction tools, including a Python script (main.py) that systematically dropped 58 SQL Server databases at Vyncs with zero failures. At UNIMAC, they wiped three storage volumes and left a calling card by renaming partitions "Minab." At the South Florida Regional Transportation Authority, they used secure deletion tools to overwrite web hosting directories, including SQL backups. In one case, an AI chatbot was used to refine a destruction script, adding a new layer of sophistication to state-backed cyber operations.
Beyond destruction, the group deployed two custom data theft tools:
- A Flask-based file receiver that exfiltrated stolen data via victims’ own public websites.
- FileFiend, a C++ tool that scanned drives and network shares, sending files to hardcoded command-and-control servers. While transfers were encrypted, the decryption key was transmitted alongside the data, exposing it to interception.
Attribution to Black Shadow was strengthened by a staging server previously used in a 2025 fake mental health support site targeting Israeli soldiers. The same infrastructure was repurposed for this campaign. Investigators also identified proxied RDP connections, secure deletion utilities (WipeFile), and Go-based tunnelers as part of the attackers’ toolkit.
The campaign’s indicators of compromise (IoCs) include multiple IP addresses (e.g., 31.172.87.20, 212.83.61.213), domains (nefeshhope[.]com, banujcobaar[.]com), and malware hashes (FileFiend/Exchangedb.exe). The attackers also used self-signed TLS certificates and redirected visitors to the FBI’s website when accessing non-existent pages on their servers.
This operation underscores a deliberate, state-backed effort to inflict maximum disruption, with attackers demonstrating deep knowledge of victims’ infrastructure to ensure permanent data loss.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
743
FEBRUARY 2026
743
JANUARY 2026
743
DECEMBER 2025
743
NOVEMBER 2025
743
OCTOBER 2025
743
SEPTEMBER 2025
743
AUGUST 2025
743
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for UniMac® ??
What was UniMac®'s A.I Rankiteo Cyber Score in June 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in May 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in April 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in March 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in February 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in January 2026 ??
What was UniMac®'s A.I Rankiteo Cyber Score in December 2025 ??
What was UniMac®'s A.I Rankiteo Cyber Score in November 2025 ??
What was UniMac®'s A.I Rankiteo Cyber Score in October 2025 ??
What was UniMac®'s A.I Rankiteo Cyber Score in September 2025 ??
What was UniMac®'s A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on UniMac®'s A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with UniMac® ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view UniMac®'s profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?