Tapandegan
List of names used by industry: Date founded: Affiliation: Iranian hacktivists. The group refer to its acts as an act of protest demanding the Iranian leadership to improve the economy and to stop ignoring the demands of the people. No…
Predatory Sparrow
List of names used by industry: Date founded: July 2021 (though some attacks as early as 2019 have been attributed to them) Affiliation: Social media handles/websites: Previous operations: Tactics/techniques/tradecraft/procedures (TTP’s): Technical details: People of interest that have been doxxed online…
Ravin Academy
Ravin Academy is an Iranian cybersecurity training academy established in 2019 with the aim of improving Iran’s cybersecurity industry by providing advanced educational, research and cybersecurity services. It also functions as a sophisticated cyber-attack group, actively involved in espionage, sabotage…
Edaalat-e Ali
Edalaat-e-Ali is a highly capable probably Israeli affiliated hacking group that has carried out a number of high profile attacks against Iranian state targets in the last 6 years. The name refers to the Emam Ali, and the group claims…
Lab Dookhtegan
List of names used by the industry: Date founded: Early 2019 Affiliation: Lab Dookhtegan members are hacktivists that are in opposition to Iranian state-sponsored cyber actors. The group is known for exposing Iranian cyber operatives and their activities. Social media…
Charming Kitten
Charming Kitten is an Iranian state-aligned cyber actor that seeks to target human rights activists, academic researchers, media outlets and individuals who are of interest to Iran’s government and security agencies. Unlike other Iranian APT groups focussed on disruptive cyber…
Crescent of Anon
Crescent of Anon (linked to Anonymous Op Iran and a member of the Prana Network). Date founded: Group first appeared in October 2022 in response to the Mahsa Amini protests. Affiliation: Hacktivist group, part of the worldwide Anonymous collective. The…
Helix Kitten
List of names used by the industry: Sub group: Lyceum (also known as HEXANE, Storm-0133, SiameseKitten) Date founded: Active since at least 2014. Affiliation: Iranian state-sponsored. Affiliated to Iran’s Ministry of Intelligence and Security (MOIS). Operations primarily to conduct cyber…
Hooshyarane Vatan
Date founded: June 2021 Affiliation: The group’s initial post (on 18 June 2021) was a manifesto where they stated they were from Ahvaz, the capital of the Khuzestan province in Iran. The group’s initial post (on 18 June 2021) was…
ByteSec1401
List of names used by industry: Date founded: Affiliation: ByteSec1401 is not publicly affiliated to any country however is clearly anti Islamic Republic/IRGC. One researcher attributes activity that looks like a US/Western government cutout. Social media handles and websites: Previous…