Brother
The IRGC is actively building up its potential in the digital world.
A new report by the information security company Recorded Future provides evidence of the involvement of Iranian military intelligence agencies in cyber attacks against Western countries. The data was obtained as a result of years of leaks and doxing operations carried out by anti-government hacking groups and dissident networks.
The report revealed close links between several organizations associated with the Islamic Revolutionary Guard Corps (IRGC) and contractor companies involved in cyber attacks. The main structures include:
- IRGC's Electronic Warfare and Cyber Defense Organization (IRGC-EWCD);
- IRGC's Intelligence Organization (IRGC-IO);
- IRGC's Intelligence Protection Organization (IRGC-IPO);
- The IRGC's foreign operations group, aka the Quds Force, IRGC-QF.
According to the report, each of these organizations is closely associated with certain APT groups. For example, in 2022, the Nemesis Kitten APT group (Cobalt Mirage, UNC2448, TunnelVision, Mint Sandstorm) was linked to the IRGC Intelligence Organization.
Analysis of the leaks revealed that the agencies have long-standing relationships with Iranian cybercriminals. Public records also point to an ever-growing network of contracting companies linked through individuals known for their work for various IRGC units.
The Recorded Future report mentions specific Iranian contractors involved in aggressive cyber operations, including Ayandeh Sazan Sepehr Aria Company, Sabrin Kish, Soroush Saman Company and other entities under US sanctions. The researchers also noted constant changes in the structure of Iranian contractors, including frequent cases of their disbanding and rebranding to hide their actions.
In addition, the report indicates that through their relations with contractors, Iranian government agencies were directly or indirectly involved in cyber attacks on major American financial institutions, industrial control systems (ICS) in the United States and other countries, as well as in ransomware attacks against various industries, including healthcare. The report also claims that some of the contractors exported their technology abroad for surveillance and offensive purposes.
Based on an analysis of the leaks, Recorded Future researchers concluded that US sanctions are likely an effective means of legal and diplomatic pressure that makes it harder for IRGC contractors to evade detection.