Two months ago we published an article about the defacement of the US government FDLP website in response to the murder of General Ghassem Soleimani. Our investigation into this defacement has found that it was carried out by the ESPAD security team. At this time we do not have much information about this team, but it appears to be an important group in Iran now.
The FDLP defacement is not the only cyber response to Soleimani's murder. Many websites reported that the Iranian hacker Mrb3hz4d (@Mrb3hz4d), also known as Mister Behzad, performed defacements as well. Mrb3hz4d identified vulnerable US websites and exploited them using CMS vulnerabilities and priv8 (private, non-public) exploits. The number of defaced websites was large, so it was reported by many news websites. In the past Mrb3hz4d has shown his skill by hacking or defacing foreign government and university websites and other servers.
We believe that Mrb3hz4d has links with an Iranian hacking group called Bax 026 (@bax026 on Twitter and Instagram). This is a small group but a well known one; the @bax026 Instagram account, for example, has nearly 50,000 followers. The zone-h record for Bax 026 shows that the group has defaced a large number of websites in recent years, mostly US websites but also many from Europe and many from Turkey, Israel and Saudi Arabia. In February the group attacked the website of the Egyptian Ministry of Health and published pictures of the Iranian flag on the home page. The group includes the well known Iranian hacker Mamad Warning (Instagram: @mmbul), on whom we have reported for many years and who has performed a number of well known defacements, such as the 2017 defacement of the official government website of the Palestinian High Judicial Council and the defacement of a US city website in 2019.
We have heard rumors that a hard cyber revenge is coming, but we have not heard of any coordinated effort or plan for a bigger response. All three hackers we have talked to stated that Iran does not have a unified team and that too many of Iran's hackers are guarding their own interests, which is corrupting the Iranian effort.