Iran Manipulates West’s Cyberspace with State Contracts and Mercenaries

New Reports Reveal Iranian Military Reconnaissance Involvement in Cyber Attacks

In new reports, it has been uncovered that Iranian military reconnaissance structures are involved in cyber attacks against Western countries. This data has been obtained as a result of long-term leaks and operations of doxing carried out by anti-government hacker groups and dissident networks (source).

The reports have revealed close ties between several organizations related to the Islamic Revolutionary Corps (KSIR) and contracting companies engaged in cyber attacks. The main structures identified are:

  • Organization of electronic warfare and cyber protection of the Xir (IRGC’s Electronic Warfare and Cyber Defense Organization, IRGC-EWCD)
  • Divorizing organization CSIR (IRGC’s Intelligence Organization, IRGC-IO)
  • Office for the protection of intelligence (IRGC’s Intelligence Protection Organization, IRGC-IPO)
  • A group of foreign operations of the KSIR or RGC’s Foreign Operations Group, Aka The Qeds Force, IRGC-QF

The reports indicate that each of these organizations has close ties to certain APT groups. For example, in 2022, the Nemesis Kitten APT group (Cobalt Mirage, UNC2448, TunNelvision, Mint Sandstorm) was associated with the design organization Xirir.

Analysis by TRASE has shown that these agencies have maintained longstanding relationships with Iranian cybercriminals. Public records also indicate a constantly growing network of contracting companies related to individuals known for their work for various departments of the KSIR.

The reports from Recorded Future specify specific Iranian contractors involved in aggressive cyber operations, including Ayandeh Sazan Sepe

/Reports, release notes, official announcements.