ICNA

Iranian Cyber News Agency

    • ByteSec1401

    ICNA Posted on

    List of names used by industry:

    • ByteSec1401

    Date founded:

    • Telegram channel was created 11/12/2023

    Affiliation:

    ByteSec1401 is not publicly affiliated to any country however is clearly anti Islamic Republic/IRGC. One researcher attributes activity that looks like a US/Western government cutout.

    Social media handles and websites:

    Previous operations:

    • December 2023 – Claimed 2 defacement attacks (19th and 21st) against the cyberbannews organization website. The attack was claimed to be in order to highlight Cyberban’s links to the IRGC and specifically it’s hacking group Shahid Kaveh led by Mehdi Lashgarian. Shared some basic details on their GitHub account.
    • January 2024 – Continued targeting Cyberban by doxxing employees (names, addresses, phone numbers, social media etc). Claimed to have emails from the cyberban news organization. Also continued leaking information relating to Mehdi Lashgarian and his links to Rayan Pardazan Rioniz. Doxxed CEO of Rayan Pardazan Rioniz (Ali Reza Delkhosh Fatide) as an associate of Mehdi Lashgarian.
    • March 2024 – Exposed details about PARNIAN DADEH NEGAR PISHRAFTEH including doxing a list of “profiteers”. Claim of being provided the information by an insider.
    • June 2024 – Exposed Andisheh Negar Ofogh as IRGC front company. Doxxed a list of their employees.
    • July and August 2024 – Exposed Dadenegar as an IRGC front company. Claimed to have access to their server. Also exposed individuals working for Dadenegar, including their CEO Milad Rahnama. Claim to leak information related to their projects. Shared claim that Dadenegar employees were unaware of IRGC connection.
    • September 2024 – Exposed the Cognitive Design Production Center including the CEO Rafi’ioddin Esma’ili. Shared further employees citing insider sources.
    • October 2024 – Claimed to expose Studio Kelid (video game studio) as IRGC funded. Also exposed further IRGC members including Ahmad Dastaran Mamaghani. Shared results of DOS against a site allegedly linked to Ahmad Dastaran (tv5.ir). Shared DOS result targeting www.fardanews.com. (“An IRGC mouthpiece”).
    • November 2024 – DOS results (not claiming, it’s “their friends”) against www.mizanonline.ir, www.tabnak.ird, ofoghtv.ir, asriran.com, tv5.ir.
    • November 2024 – Creation of ByteSec1401_Efshagari and ByteSec1401_Ahkbare_Dagh Telegram Channels. (Both channels are just used to share stories and news articles from other sources w.some commentary, none of their own ops).
    • 2025 – Minimal activity, just sharing stories about women in Iran.
    • January 2026 – Exposed Shahid Shustari group as an IRGC front and exposed Mohammad Bagher Shirinkar as abusing women who work for him.

    Tactics/techniques/tradecraft/procedures (TTP’s):

    • Claim insider information into most organizations as an ongoing source
    • Website defacements
    • Breach of email servers
    • Sharing of cartoons and imagery making fun of the target set
    • Denial of Service attacks (sharing of)

    People of interest who have been doxxed online or sanctioned:

    • Doxxed Mehdi Lashgarian as leader of cyberban and the IRGC hacker unit Shadi Kaveh. (including photo and personal details such as date of birth, phone number and address).
    • Sanctioned/designated under E.O. 13442
    • Listed against a US Rewards for Justice campaign against CyberAv3ngers
    • Doxxed CEO of Rayan Pardazan Rioniz (Ali Reza Delkhosh Fatide) as an associate of Mehdi Lashgarian
    • The Cognitive Design Production Centre (CDPC) was sanctioned on 31 December 2024 (US Sanctions E.O. 13848).
    • Rewards for Justice against the Shahid Shustari group. Also sanctioned under E.O. 13848

    Resources:

    @ByteSec1401_Ahkbare_Dagh

    @ByteSec1401

    home.treasury.gov

    state.gov/rewards-for-justice

    LEAVE A RESPONSE

    Your email address will not be published. Required fields are marked *

    ICNA
    View all posts