Hacktivist Group Publishes Names of Iranian State-Linked Hacking Group Involved in Global Phishing Attacks

Iran­ian inde­pen­dent media is report­ing that a hack­tivist group has pub­lished the iden­ti­ties of alleged hack­ers work­ing for the cyber divi­sion of the Islam­ic Rev­o­lu­tion­ary Guard Corps (IRGC). Accord­ing to an Iran­wire report:

July 18, 2022 A hack­tivist group known as “Lab Dokhte­gan” (“Sealed Lips”) has pub­lished the iden­ti­ties of a num­ber of alleged hack­ers work­ing for the IRGC’s cyber divi­sion.  In a series of posts on Telegram at the week­end, the group named and shared the pic­tures of 15 peo­ple work­ing for two com­pa­nies, Naji Tech­nol­o­gy and Afkar Sys­tem. These, it said, were “cov­er com­pa­nies” affil­i­at­ed with the IRGC.  The indi­vid­u­als were said to be mem­bers of well-known pro-regime cyber­crime out­fits includ­ing Phos­pho­rus, Charm­ing Kit­ten, Cobalt Mirage, Neme­sis Kit­ten and Tun­nelVi­sion, which have car­ried out a series of sophis­ti­cat­ed attacks on tar­gets with­in and out­side Iran in recent years.  Apart from try­ing to steal infor­ma­tion or cause dis­rup­tion in Europe and the US, Lab Dokhte­gan said these groups had also used pro­grams like Bit­Lock­er to encrypt vic­tims’ com­put­ers, then extort them for ran­som money.

Read the rest here.

The Glob­al Influ­ence Oper­a­tions Report report­ed last year that the IRGC-linked Phos­pho­rus hack­ing group (aka Charm­ing Kit­ten, APT35) con­duct­ed a glob­al phish­ing attack that includ­ed think tanks, polit­i­cal research cen­ters, uni­ver­si­ty pro­fes­sors, jour­nal­ists, and envi­ron­men­tal activists in the coun­tries around the Per­sian Gulf, Europe, and the US.

Accord­ing to a BBC pro­file, the Islam­ic Rev­o­lu­tion­ary Guard Corps (IRGC) was set up short­ly after the 1979 Iran­ian rev­o­lu­tion to defend the country’s Islam­ic sys­tem and pro­vide a coun­ter­weight to the reg­u­lar armed forces. In April 2019, the U.S. State Depart­ment announced its inten­tion to des­ig­nate the IRGC in its entire­ty as a For­eign Ter­ror­ist Orga­ni­za­tion (FTO). In May 2020, Brig. Gen. Moham­mad Hejazi was appoint­ed the new IRGC’s Quds Force deputy com­man­der after its for­mer head Gen­er­al Qassem Soleimani had been killed in a U.S. airstrike at Baghdad’s inter­na­tion­al air­port. Since its foun­da­tion, the IRGC has become a major mil­i­tary, polit­i­cal and eco­nom­ic force in Iran. Reuters opined in 2019 that the IRGC, com­pris­ing an esti­mat­ed 125,000-strong mil­i­tary with army, navy, and air units, is more than a mil­i­tary force. “It is also an indus­tri­al empire with polit­i­cal clout and is loy­al to the supreme leader.”