New evidence shows that Iran’s intelligence and military services are associated with cyber activities targeting Western countries through their network of contracting companies.
A string of multi-year leaks and doxxing efforts led by anti-Iranian government hacktivists and dissident networks has uncovered an intricate web of entities associated with the Islamic Revolutionary Guard Corps (IRGC) involved in cyber-attacks and information manipulation campaigns.
Cyber threat intelligence provider Recorded Future discussed some of the findings in a new report, published on January 25, 2024.
It has been found that at least four intelligence and military organizations linked to the IRGC engage with the bulk of cyber contracting parties. These include:
- IRGC’s Electronic Warfare and Cyber Defense Organization (IRGC-EWCD)
- IRGC’s Intelligence Organization (IRGC-IO)
- IRGC's Intelligence Protection Organization (IRGC-IPO)
- RGC's foreign operations group, aka the Quds Force (IRGC-QF)
“Each body has had specific advanced persistent threat (APT) groups closely associated with them; for example, in 2022, the Nemesis Kitten APT Cobalt Mirage, UNC2448, TunnelVision, and Mint Sandstorm (formerly tracked as "DEV0270") was linked via personas to the IRGC-IO by the anti-government group Lab Dookhtegan,” the report explained.
The leaks analyzed by Recorded Future show that these agencies maintain a long-standing relationship with Iran-based cyber contractors. Public records also point to an ever-growing web of front companies connected via individuals known to serve various branches of the IRGC.
No tags.
