
New revelations uncover interconnected network of Iranian intelligence and cyber firms


Iran’s Intelligence and Military Services Linked to Cyber-Attacks

A recent report by cyber threat intelligence provider Recorded Future has revealed new evidence that Iran’s intelligence and military services are associated with cyber activities targeting Western countries through their network of contracting companies. The report, published on January 25, 2024, sheds light on a web of entities connected to the Islamic Revolutionary Guard Corps (IRGC) involved in cyber-attacks and information manipulation campaigns.

According to Recorded Future, at least four intelligence and military organizations linked to the IRGC are primarily engaged with a network of cyber contracting parties. These organizations include IRGC’s Electronic Warfare and Cyber Defense Organization (IRGC-EWCD), IRGC’s Intelligence Organization (IRGC-IO), IRGC’s Intelligence Protection Organization (IRGC-IPO), and the IRGC’s foreign operations group, also known as the Quds Force (IRGC-QF).

The report also details specific advanced persistent threat (APT) groups closely associated with these bodies. In 2022, the Nemesis Kitten APT (also tracked as Cobalt Mirage, UNC2448, TunnelVision, and Mint Sandstorm) was linked to the IRGC-IO by the anti-government group Lab Dookhtegan. Additionally, public records indicate an ever-growing web of front companies connected through individuals known to serve various branches of the IRGC.

Recorded Future analyzed leaks that show the long-standing relationship between these agencies and Iran-based cyber contractors. Some of the cyber operators involved in offensive cyber activities include “Ayandeh Sazan Sepehr Aria Company,” “Sabrin Kish,” “Soroush Saman Company,” as well as other sanctioned entities like “Najee Technology Hooshmand Fater LLC” and “Emen Net Pasargad.”

However, researchers have observed constant movement within the web of Iran-based cyber contractors, with companies frequently disbanding and rebranding in an attempt to obfuscate their activities. There are also overlaps in personnel between these contracting companies: the same individuals hold roles at several of them and are known to serve various branches of the IRGC. Some of the data reveals the names of high-ranking IRGC officials purportedly responsible for leading and coordinating Iran’s offensive cyber ecosystem.

Through their links with these cyber contractors, the Iranian government agencies are associated with, if not directly complicit in, targeting major US financial institutions, industrial control systems (ICS) in the US and around the world, and ransomware attacks against various industries, including healthcare providers such as children’s hospitals. They also combine information operations with cyber intrusions to foment instability in target countries, as evidenced by their involvement in targeting the 2020 US presidential election.

The leaks also show that IRGC-related cyber offensive infrastructure has been used to deploy financially motivated attacks. Additionally, Iranian contractors export their technologies abroad, both for surveillance and offensive purposes. However, the report concludes that US government sanctions are proving to be an effective legal and diplomatic tool, making it harder for cyber companies under the IRGC umbrella to evade detection and adversely affecting their abilities to openly recruit new skilled labor.

This revelation further emphasizes the ongoing threat posed by Iran’s intelligence and military services, highlighting their involvement in cyber activities targeting Western countries. The information provided by Recorded Future underlines the need for increased vigilance and action to counter these malicious cyber activities associated with the Islamic Revolutionary Guard Corps.
