ICNA

Iranian Cyber News Agency

Crescent of Anon

Crescent of Anon (linked to Anonymous Op Iran and a member of the Prana Network).

Date founded:

Group first appeared in October 2022 in response to the Mahsa Amini protests.

Affiliation:

Hacktivist group, part of the worldwide Anonymous collective.

The group originates from Iran and is allegedly all-female. The group initially stated that they are fighting to support the Woman, Life, Freedom protests across the country.

The group also forms part of the hacking network known as the “Prana Network”.

Social media handles/websites:

Telegram: @CrescentOfAnon
YouTube: @crescentofanon2149
X: @CrescentOfAnon

Previous operations:

The group first advertised themselves in October 2022, posting in English on Telegram. Over the course of their activities, the group shifted to primarily posting in Persian.

In early 2023, the group conducted an extensive campaign of Denial of Service (DoS) attacks against key Iranian media and government organizations. For each attack the group shared evidence on their social media.

• 10 January, the group took offline the Basij news organization website (https://basijnews.ir).
• 11 January, the group targeted the website of the Iranian Guardian Council (www.shora-gc.ir).
• 14 January, the group took down the Fars News Agency website (www.farsnew.ir), allegedly in response to their sharing of propaganda glorifying the Iranian regime.
• 17 January, the group targeted the website of the Expediency Discernment Council of the System in Iran (www.maslahat.ir).
• 19 January, the group targeted the website of the Tabnak news agency (www.tabnak.ir).
• 24 January, the group took down the Sepah News agency website (www.sepahnews.com). The group sustained their DoS attack for at least 2 days.

On 25 January, the group shared their manifesto on YouTube stating that they will continue their campaign until there is justice in Iran.

• 26 January, the group targeted the website of the Headquarters of the Order Of the Righteous (www.setad-abm.ir).
• 2 February, the group shared an image claiming they had defaced the website setad-abm.ir sharing their manifesto.
• 8 February, the group targeted the Fars News Agency website for a second time (www.farsnew.ir).
• 16 February, the group took down the website of Kayhan news (www.kayhan.ir).
• 2 March, the group took offline the website of Nasim news (www.nasim.news).
• 15 March, the group targeted the Javan Online newspaper (www.javanonline.ir).

• 28 March, the group shared an announcement that Anonymous had taken the Amin Exchange. The group claimed they had exploited a weakness in the regime and were leaking documents related to the financial crimes of the IRGC. It is plausible that this attack was conducted by Crescent of Anon themselves and then later credited to the wider Anonymous Op Iran collective.

The group’s defacement of setad-abm.ir and the potential breach of the Amin Exchange servers are the first examples of the group conducting more sophisticated attacks requiring full penetration of servers. This shows the group’s efforts to continue developing their capability whilst maintaining momentum with their DoS attacks.

Throughout the rest of 2023, the group continued with their standard attacks against various targets in Iran.

• 14 June, the group took offline the website of the Seraj Cyberspace Organization (www.seraj.ir).
• 10 July, the group took down the website of the Basij News organization for a second time (https://basijnews.ir).
• 17 August, the group targeted the Expediency Discernment Council for a second time, taking their website offline (www.maslahat.ir).
• 27 August, the group once again targeted the website of the Headquarters of the Order Of the Righteous (www.setad-abm.ir).
• 1 September, the group took down the website of the Javan Online newspaper for a second time (www.javanonline.ir).
• 8 September, the group targeted the website of the IRGC Cyber Security Command (www.gerdab.ir).
• 14 September, the group took the Mashregh News Agency website offline (www.mashreghnews.ir).
• 15 September, the group announced they had taken down the website of the Office for the Supreme Leader of Iran (www.leader.ir). The following day the site was geo-blocked to be only accessible from inside Iran.
• 19 September, the group took down the Imam Khomeini website (www.emam.com).
• 1 November, the group defaced and took offline the website of the Student News Network (www.snn.ir).
• 29 November, the group took down the website of Sepah News for a second time (www.sepahnews.com).
• 15 December, the group took down the website of the IRGC Cyber Security Command (www.gerdab.ir) with a further DoS attack.

Throughout 2024, the group continued posting a variety of content highlighting the human rights abuses of the Iranian regime. The group did not claim another cyber-attack until 16 September, when they announced they had taken down the website of Sepah News for a third time (www.sepahnews.com). The following day, on 17 September, the group defaced and took the website of the IRGC Cyber Security Command offline for a second time (www.gerdab.ir).

In 2025, the group appeared to shift their focus away from their traditional Denial of Service attacks to become more sophisticated. This is likely a response to the success of their attack against Sahara Thunder.

The group’s next advertised activity was on 30 April 2025. They announced that they had successfully breached the internal network of IRGC front company Sepehr Energy Jahan (SEJ) and leaked their data on the site simorgh.io. They accused the organization of coordinating the sale of illegal oil to China, the Middle East and Europe. The group highlighted that the profits from these illicit activities were flowing into the pockets of the Iranian regime rather than being used to improve the lives of the Iranian people.

On 15 November, the group announced a secondary attack against Sepehr Energy Jahan (SEJ) and once again leaked their documents. The group highlighted that “Every year Sepehr Energy Jahan makes billions of dollars which is spent on IRGC, Artesh, and MODAFL proxy wars and not for the people of Iran.”

Tactics/Techniques/Tradecraft/Procedures (TTPs):

• Primary capability in conducting Denial of Service (DoS) attacks against various Iranian government and media organizations. These attacks have previously also been sustained for at least 2 days.
• Occasional website defacements against targeted organizations. This highlights an increased capability beyond the low sophistication of DoS attacks.
• The DoS attacks highlight the group’s focus on disrupting the online presence of Iranian organizations.
• In 2024 and 2025, the group’s activities shifted away from their traditional DoS capability into data exfiltration and leaking. This transition again highlights the group’s improving capability to conduct more sophisticated attacks.

Sources:

Telegram: @CrescentOfAnon
