Setarehgan Azadi

List of names used by the industry:
ستارگان آزادی
Date founded:
The group first appeared in May 2026.
Affiliation:
Setarehgan Azadi appears to be anti-regime but is not affiliated with any foreign government or political groups.
Social media handles/websites:
GitHub: github.com/setarehganAzadi
Telegram: t.me/SetarehganAzadi
Previous operations:
7 May 2026 – The group claimed responsibility for a hack against Pendar Kooshk Imen Company, posting images of the hack on GitHub. The group gained access to highly confidential information of millions of Iranians.

Tactics/Techniques/Tradecraft/Procedures (TTPs):
- The group’s technical capabilities appear extensive. Their targeting of ESXi indicates an understanding of, and the ability to exploit, virtualization infrastructure. They have also leveraged compromised encryption service APIs.
- The group’s success in gaining control over customer web hosting suggests successful privilege escalation and lateral movement across the PKI (Pendar Kooshk Imen) network.
- The group also performed credential harvesting and used compromised administrator accounts.
- The group also consistently exfiltrates sensitive data from the systems it accesses and has publicly released a range of it on GitHub (including screenshots).
- The attack on PKI is particularly significant as a supply chain attack. PKI acts as a trusted provider, so the group’s impact may extend to downstream clients in the banking sector.
Sources:
