PRANA Network
Date founded:
First appeared in August 2023
Affiliation:
The group described themselves as “Freedom Fighters From The Cyber World”. It is a collaboration of different hacktivist groups; some members are known to be Iranian.
Social media handles/websites:
Telegram: @Iran_EXPOSED (No longer active), @Prana_Network (No longer active)
Direct Telegram: @Prana_network_admin (No longer active)
Previous operations:
- On 27 August 2023, the Prana Network was linked to an attack against the Iranian technology company Fanap that was conducted by the hacktivist group GhostSec. The group extracted 20GB of data that exposed programs, including facial recognition and motion detection systems, that were used by the Iranian government to monitor and track its people. At the same time as leaking this data, the Prana Network took Fanap’s website offline (www.fanap-infra.com).
- On 4 February 2024, the group announced the successful infiltration of the email servers of an IRGC front company called Sahara Thunder. The group leaked nearly 10GB of files onto the data sharing site www.simorgh.io. The data included contracts, bank accounts, details, factory layouts etc. The attack was announced on X by the hacktivist group Crescent of Anon, one of the members of the Prana Network. This attack resulted in widespread international media attention due to the exposure of critical data related to the production and pricing of Shahed-136 kamikaze drones being sent from Iran to Russia. The documents also deal with the negotiations between Russian and Iranian representatives, and suggested that Russia was paying for some of its Shahed imports in gold.
- On 1 April 2024, the group shared details that they had breached the server of the Tehran University of Medical Sciences (TUMS). The group leaked 3.6GB of data to their Telegram channel including certificates and national IDs of over 4000 members of staff and professors.
- On 15 April 2024, the group shared screenshots of an alleged attack against the organization Niroo Sanat Pasargad. They claimed to have adjusted some settings on the organization's Siemens SIMATIC S7 programmable logic controllers (PLCs) and changed all their passwords.
- No other attacks have been attributed to Prana Network. It is likely the group’s members initially included Wond3rGhost (and other members of GhostSec) and later expanded to also feature Crescent of Anon and Hooshyaran-e Vatan. It has been challenging to document all of the Prana Network's activities, as their accounts have mostly been wiped. It appears that the group is no longer active.
Tactics/Techniques/Tradecraft/Procedures (TTPs):
• Primary tactic was to infiltrate servers and exfiltrate the data to be leaked.
• The group allegedly also conducted industrial sabotage (targeting of PLCs).
• One case of website disruption.
Sources:
Defence-blog.com/hackers-reveal-shahed-drone-pricing-russia
Forbes.com/site/erictegler/2024/01/07/375000the-sticker-price-for-an-iranian-shahed-drone
Militaryni.com/en/news/the-cost-of-shahed-136-for-russia-has-been-reported
Newsweek.com/ukraine-hack-russia-price-paid-iran-shahed-drones-1867627
Cybernews.com/cyber-war/iran-spyware-breached-exposed-ghostsec
Web.archive.org (for Prana Network)
