ICNA

Iranian Cyber News Agency

    • Photo of Mesri shared in 2022.

    Behzad Mesri

    ICNA Posted on
    Photo of Mesri shared in 2022.

    Behzad Mesri is an Iran-based hacker and former CEO of the Net Peygard Samavat Company (later rebranded as Emennet Pasargad). He is publicly accused, by the US, of conducting high‑profile intrusions, data theft, extortion, and participating in state‑aligned malicious cyber campaigns tied to the Islamic Republic of Iran. Mesri is part of the broad ecosystem supporting Islamic Revolutionary Guard Corps (IRGC) linked cyber operations.

    Biographical Details

    • Mesri lives in Iran, is Iranian, and was born on August 24, 26 or 27, 1988, in Naghadeh, Iran. He is known to speak Persian and some English.
    • In 2017, Mesri was understood to be 5’9″ with brown hair, brown eyes, and weighed roughly 80kg.
    • Mesri is a self-professed expert in computer hacking techniques.
    • Mesri has operated under the online pseudonyms of “Mr Smith” and “Skote Vahshat”, meaning “The Silent Terror.”

    Summary of activities within Iranian Cyber Operations

    Mesri was first linked to the Iran-based hacking group “Turk Black Hat Security Team” conducting website defacements and other activities. In 2017, he was linked to the cyber-attack against HBO (the American media organization, Home Box Office Inc.). Mesri later served as CEO of the Net Peygard Samavat Company which has been linked to the Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC). Mesri has also been associated with the Mabna Institute that is known to be strongly linked to the Iranian Ministry of Intelligence and Security (MOIS).

    Key Incidents & Attribution

    • Turk Black Hat Security Team: Mesri was involved in conducting hundreds of website defacements under the alias “Silent Terror,” targeting sites in the United States and elsewhere. US attributions also link him to activity against military systems, nuclear software, and Israeli infrastructure.
    • HBO Intrusion and extortion (May-August 2017): US prosecutors allege Mesri conducted online reconnaissance beginning in May 2017, compromised multiple HBO employee accounts, and exfiltrated roughly 1.5 terabytes of proprietary data (including unaired video files and scripts/plot summaries for programs such as Game of Thrones, Barry, Ballers, Room 104, and more). Mesri sent ransom and threatening emails demanding about $5.5-6 million in Bitcoin, and publicly leaked the data when demands were not met. Mesri’s first email to HBO staff stated, among other things, “Hi to All losers! Yes it’s true! HBO is hacked! … Beware of heart Attack!!!”
    Images collated by US authorities from Mesri's activities against HBO.
    Images collated by US authorities from Mesri’s activities against HBO.
    • Net Peygard Samavat – Mesri as CEO: While CEO, Mesri is alleged to have overseen the acquisition of servers and operational activities aimed at gaining access to and implanting malware on devices of current and former U.S. counterintelligence personnel.
    • Net Peygard Samavat – Election Activities (August-November 2020): The US Treasury states the company led online operations to intimidate and influence American voters, including attempts to obtain voter information from state websites, sending threatening emails, and crafting/disseminating disinformation about the election and election security.

    International Recognition & Legal Actions

    • US Criminal indictments and arrest warrants: A Southern District of New York indictment (8 November 2017) charged Mesri with computer fraud, wire fraud, extortion‑related offenses, and aggravated identity theft. A District of Columbia indictment (8 February 2019) charged Mesri with conspiracy, attempted intrusions, and aggravated identity theft. Federal arrest warrants have been issued.
    • FBI WANTED notice: Mesri is wanted by the US Federal Bureau of Investigation (FBI) for computer fraud, fraud, wire fraud, interstate transmission of an extortionate communication, and aggravated identity theft.
    FBI Wanted poster for Behzad Mesri.
    • Sanctions and Designations: Mesri is designated under Executive Order 13694 for his role in the HBO attack. He is also designated under E.O 13606 for his connection to the Net Peygard Samavat Company. The company is sanctioned under the same designation for providing support to the IRGC Electronic Warfare and Cyber Defense (IRGC-EWCD) organization and for its 2020 election‑related activities. Mesri is subject to secondary sanctions.

    LEAVE A RESPONSE

    Your email address will not be published. Required fields are marked *

    ICNA
    View all posts