Iran seeks to bolster the cyber attack capacity, with more control of telecommunication networks to minimize threats by the opposition and activists. Threats to the current regime serve to enhance effort by Tehran and Moscow to set up efficient control of information field.
In June 2015, Brigadier General Gholam Reza Jalali, head of Iran’s Civil Defense Organization, claimed Iran and Russia had addressed the issue of cyber cooperation.
Iran has significantly increased and expanded the level of information security in the last decade. With effortsmostly focused on Internet control until 2010, Iran made a bet on protecting its own information field following a series of cyberattacks by the United States and Israel.
Russia has provided Iran with advanced digital-surveillance capabilities as the two countries seek to bolster cooperation in the field of security and defense. Moscow and Tehran signed a cyber-cooperation agreement two years ago that focused mostly on cyber-defense networks.
Since Russia’s unprovoked invasion of Ukraine in February 2022, Moscow has provided Tehran with communication-surveillance capabilities as well as eavesdropping devices, advanced photography devices and lie detectors.
Russia has most probably shared more advanced software with Iran that would allow it to hack the phones and systems of dissidents and adversaries.
We believe the arrest of WSJ reporter Evan Gershkovich in Russia may be associated with his investigation into Russia’s cyber technology transfer to Iran. The FSB internal intelligence decided to arrest him to prevent the leak of facts on Moscow–Tehran cyber interaction.
The Russian company PROTEI that has contracts with the Russian Ministry of Defense, has begun providing internet-censorship software to Iranian mobile-services provider Ariantel. It includes technology that analyzes and blocks encrypted traffic of banned sites and services, like Telegram.
The government of Iran used cyber technology to suppress the nationwide protest in 2022 by slowing down web traffic in targeted areas to stop the video sharing and communication among the protesters.
The key players in Iran’s cyber operations are those affiliated with the IRGC.
Shahid Kaveh, is part of Iran’s elite Islamic Revolutionary Guard Corps’ (IRGC) cyber command led by Amir Lashgarian. The purpose of the projects was to damage civilian infrastructures and civilian targets in Europe and around the world. Cell called Intelligence Team 13 is a sub-group within the IRGC Shahid Kaveh unit, under an individual named Hamid Reza Lashgarian.
Classified documents, from Iran, reveal secret research into how a cyber attack could be used to sink a cargo ship or blow up a fuel pump at a petrol station. They also include information on satellite communication devices used by the global shipping industry as well as a computer-based system that controls things like lights, heating and ventilation in smart buildings across the world. The papers appear to reveal a particular interest in researching companies and activities in western countries, including the UK, France and the United States.
Israel has accused Iran of trying to hack its water system and, last month, said a group affiliated with Iranian intelligence conducted a cyberattack on a top Israeli university.
This group is acting just like Russia’s military intelligence cyber units that attacked critical infrastructure in the US and Europe in 2014-2021.
Iran possibly used Russian software in 2022 cyber attack against Albania. Aside from that, there is a high chance of existing agreement between Russia and Iran on joint cyber attacks to get intelligence and damageinfrastructure. Russian and Iranian state-linked hackers are increasingly targeting British politicians, journalists and researchers with sophisticated campaigns aimed at gaining access to a person’s email, Britain’s online security agency warned on this January. The National Cyber Security Centre (NCSC) issued an alert about two groups from Russia and Iran, warning those in government, defense, thinktanks and the media against clicking on malicious links from people posing as conference hosts, journalists or even colleagues.
Both groups have been active for some years, but it is understood they have recently stepped up their activities in the UK as the war in Ukraine continues, as well as operating in the US and other NATO countries. They aim to steal secrets – or leak correspondence online to embarrass high-profile figures – but not to extort money. We cannot rule out, however, these groups aim to raise funds for the regimes, like North Korean Bureau 121.
Shahid Babaei group is a group which is affiliated with the IRGC Cyber unit and is responsible for conducting cyber strikes on civilian targets and collecting data against foreign nations. “Milad Mansouri” is the director of this group.
Shahid Babaei cyber group is affiliated with the Sepah Cyberi.
The Iranian Internet service provider Datak Telecom (“Datak”) has collaborated with the Government of Iran to provide information on individuals trying to circumvent the government’s blocks on Internet content, allowing for their monitoring, tracking, and targeting by the Government of Iran. Datak regularly collaborated with the Government of Iran on testing surveillance techniques.
Over the last two years, Datak facilitated ongoing technical surveillance on Iran-based users of a popular commercial email service, designed to monitor and track the activities of its users. Datak undertook plans to carry out this type of attack on a larger scale, to potentially include surveillance of millions of Iranian users.
Moreover, Datak has demonstrated the intent and specific planning to purchase intercept equipment for Internet and voice communications.
Doran Group is one of the most successful collections of computer companies, which has been established with the aim of providing various products and services in the field of information technology. This group has been established for more than two decades.
Iranian information technology firm Douran Software Technologies is being designated for censorship or other activities that limit the freedom of expression of the Iranian people since June 2009.
Douran Software Technologies is one of the main vendors for an Iranian government project to monitor computer activity.
Razavi Information and Communication Technology Co., or FAVA, provides Astan Quds Razavi with telecommunications and computer services, and develops hardware and software for information and communication technologies for use in Iran by both private companies and companies in Astan Quds Razavi’snetwork.
Astan Quds Razavi is under the control and supervision of the Iranian regime’s supreme leader Ali Khamenei. No one is allowed to question this huge financial system, and it is exempt from paying taxes. Astan-e Quds Razavi has played an active role in providing financial, material and logistical support to fundamentalist and terrorist groups within the last few years. Particularly, the heads of AQR have vast relations with Hezbollah’s top officials. It is worth noting that these activities within the past few years have been expanding.
Najee Technology and Afkar System, are responsible for or complicit in, or have engaged in, directly or indirectly, global targeting of various networks, including critical infrastructure, by exploiting well-known vulnerabilities to gain initial access in furtherance of malicious activities, including ransom operations.
This IRGC-affiliated group is comprised of employees and associates of Najee Technology Hooshmand Fater LLC (Najee Technology) and Afkar System Yazd Company (Afkar System). Mansour is the owner, managing director, and chairman of the board of Najee Technology.
Additional employees and associates of Najee Technology and Afkar System include: Ali Agha-Ahmadi (Ali Ahmadi); Mohammad Agha Ahmadi (Mohammad Ahmadi); Mo’in Mahdavi (Mahdavi); Aliakbar Rashidi-Barjini (Rashidi); Amir Hossein Nikaeen Ravari (Nikaeen); Mostafa Haji Hosseini (Mostafa); Mojtaba Haji Hosseini (Mojtaba); and, Mohammad Shakeri-Ashtijeh (Shakeri).
Ali Ahmadi has been a Najee Technology employee since at least 2019. Rashidi has worked for Mansour since at least February 2021.
The individuals and entities designated today are all affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC).
Seyed Hamid Aboutorabi is among the 45 cyber actors having materially assisted, sponsored, or providing financial, material, or technological support for, or goods or services to or in support of the Ministry of Intelligence and Security (MOIS);
Iran’s MOIS, through their front company Rana, recruited highly educated people and turned their cyber talents into tools to exploit, harass, and repress their fellow citizens and others deemed a threat to the regime.
The MOIS, camouflaged as Rana, has played a key role in the GOI’s abuse and surveillance of its own citizens. Through Rana, on behalf of the MOIS, the cyber actors designated used malicious cyber intrusion tools to target and monitor Iranian citizens, particularly dissidents, Iranian journalists, former government employees, environmentalists, refugees, university students and faculty, and employees at international nongovernmental organizations. Some of these individuals were subjected to arrest and physical and psychological intimidation by the MOIS. Rana’s targeting has been both internal to Iran and global in scale, including hundreds of individuals and entities from more than 30 different countries across Asia, Africa, Europe, and North America. Rana has used malicious cyber intrusion tools to target or compromise approximately 15 U.S. companies primarily in the travel sector.We failed, however, to establish the facts of direct cyber interaction between Iranian actors and the Russians. It is probably due to the fears by the FSB over technology leak risks and its further reselling by Tehran. That way, Iran most likely gets ready Russian product, as its experts study it to copy and replicate the technology.
