New revelations uncover interconnected network of Iranian intelligence and cyber firms

Iran’s Intelligence and Military Services Linked to Cyber-Attacks

A recent report by cyber threat intelligence provider Recorded Future has revealed new evidence that Iran’s intelligence and military services are associated with cyber activities targeting Western countries through their network of contracting companies. The report, published on January 25, 2024, sheds light on a web of entities connected to the Islamic Revolutionary Guard Corps (IRGC) involved in cyber-attacks and information manipulation campaigns.

According to Recorded Future, at least four intelligence and military organizations linked to the IRGC are primarily engaged with a network of cyber contracting parties. These organizations include IRGC’s Electronic Warfare and Cyber Defense Organization (IRGC-EWCD), IRGC’s Intelligence Organization (IRGC-IO), IRGC’s Intelligence Protection Organization (IRGC-IPO), and the IRGC’s foreign operations group, also known as the Quds Force (IRGC-QF).

The report also details specific advanced persistent threat (APT) groups closely associated with these bodies. In 2022, the Nemesis Kitten APT Cobalt Mirage, UNC2448, TunnelVision, and Mint Sandstorm were linked to the IRGC-IO by the anti-government group Lab Dookhtegan. Additionally, public records indicate an ever-growing web of front companies connected through individuals known to serve various branches of the IRGC.

Recorded Future analyzed leaks that show the long-standing relationship between these agencies and Iran-based cyber contractors. Some of the cyber operators involved in offensive cyber activities include “Ayandeh Sazan Sepehr Aria Company,” “Sabrin Kish,” “Soroush Saman Company,” as well as other sanctioned entities like “Najee Technology Hooshmand Fater LLC” and “Emen Net Pasargad.”

However, researchers have observed constant movement within the web of Iran-based cyber contractors, with companies frequently disbanding and rebranding in an attempt to obfuscate their activities. Personnel also overlap across these contracting companies: individuals share roles and are known to serve various branches of the IRGC. Some of the data reveals the names of high-ranking IRGC officials purportedly responsible for leading and coordinating Iran’s offensive cyber ecosystem.

Through their links with these cyber contractors, the Iranian government agencies are associated with, if not directly complicit in, targeting major US financial institutions, industrial control systems (ICS) in the US and around the world, and ransomware attacks against various industries, including healthcare providers such as children’s hospitals. They also combine information operations with cyber intrusions to foment instability in target countries, as evidenced by their involvement in targeting the 2020 US presidential election.

The leaks also show that IRGC-related cyber offensive infrastructure has been used to deploy financially motivated attacks. Additionally, Iranian contractors export their technologies abroad, both for surveillance and offensive purposes. However, the report concludes that US government sanctions are proving to be an effective legal and diplomatic tool, making it harder for cyber companies under the IRGC umbrella to evade detection and adversely affecting their abilities to openly recruit new skilled labor.

This revelation further emphasizes the ongoing threat posed by Iran’s intelligence and military services, highlighting their involvement in cyber activities targeting Western countries. The information provided by Recorded Future underlines the need for increased vigilance and action to counter these malicious cyber activities associated with the Islamic Revolutionary Guard Corps.
