ICNA

Iranian Cyber News Agency

Cyber Actors

IRLeaks

List of names used by the industry: IRLeaks (no other names identified) Date founded: Telegram channel was created 13 June 2023 Affiliation: Researchers have analyzed data from IRLeaks attacks and determined that IRLeaks’ activity aligns with actions of more organized,…

آنانیموس

Anonymous OpIran

In the wake of Mahsa Amini’s death on Sep 16 2022, the international hacktivist group Anonymous launched a new campaign called Op Iran against Iran’s online infrastructure. OpIran also continues to support the “No to Executions” movement and stands with…

Tapandegan

List of names used by industry: Date founded: Affiliation: Iranian hacktivists. The group refers to its acts as an act of protest demanding that the Iranian leadership improve the economy and stop ignoring the demands of the people. No…

گنجشک درنده

Predatory Sparrow

List of names used by industry: Date founded: July 2021 (though some attacks as early as 2019 have been attributed to them) Affiliation: Social media handles/websites: Previous operations: Tactics/techniques/tradecraft/procedures (TTPs): Technical details: People of interest that have been doxxed online…

Ravin Academy

Ravin Academy is an Iranian cybersecurity training academy established in 2019 with the aim of improving Iran’s cybersecurity industry by providing advanced educational, research and cybersecurity services. It also functions as a sophisticated cyber-attack group, actively involved in espionage, sabotage…

Edaalat-e Ali

Edalaat-e-Ali is a highly capable, probably Israeli-affiliated hacking group that has carried out a number of high-profile attacks against Iranian state targets in the last 6 years. The name refers to the Emam Ali, and the group claims…

لب دوختگان

Lab Dookhtegan

List of names used by the industry: Date founded: Early 2019 Affiliation: Lab Dookhtegan members are hacktivists that are in opposition to Iranian state-sponsored cyber actors. The group is known for exposing Iranian cyber operatives and their activities. Social media…

Charming Kitten

Charming Kitten is an Iranian state-aligned cyber actor that seeks to target human rights activists, academic researchers, media outlets and individuals who are of interest to Iran’s government and security agencies. Unlike other Iranian APT groups focussed on disruptive cyber…

Crescent of Anon

Crescent of Anon (linked to Anonymous Op Iran and a member of the Prana Network). Date founded: Group first appeared in October 2022 in response to the Mahsa Amini protests. Affiliation: Hacktivist group, part of the worldwide Anonymous collective. The…

Helix Kitten

List of names used by the industry: Sub group: Lyceum (also known as HEXANE, Storm-0133, SiameseKitten) Date founded: Active since at least 2014. Affiliation: Iranian state-sponsored. Affiliated to Iran’s Ministry of Intelligence and Security (MOIS). Operations primarily to conduct cyber…