Nimbus Manticore
List of names used by industry: • Screening Serpens• UNC1549• Smoke Sandstorm• TA455 Date founded:The group is believed to have been active since June 2022. Affiliation:The group has been affiliated with the Islamic Revolutionary Guard Corps and overlaps with other…
MuddyWater
List of names used by the industry: Date founded: MuddyWater was first publicly identified in 2017 and is known to use a wide range of tools and techniques in its operations. The name “MuddyWater” was coined by Palo Alto Networks…
Haghjoyan
List of names used by industry: Date founded: Affiliation: Social media handles/websites: Telegram: @Haghjoyann (Allegedly seized) Previous operations: The group’s first activity was to target and deface 50 websites, they provided a Hack-DB link to prove their activities. These attacks…
Behzad Mesri
Behzad Mesri is an Iran-based hacker and former CEO of the Net Peygard Samavat Company (later rebranded as Emennet Pasargad). He is publicly accused, by the US, of conducting high‑profile intrusions, data theft, extortion, and participating in state‑aligned malicious cyber…
Homeland Justice
Homeland Justice is a state-aligned Iranian hacktivist persona used by the Ministry of Intelligence and Security (MOIS) to conduct disruptive cyberattacks and psychological-operations campaigns, most notably against Albania since 2022. The group has carried out ransomware and wiper attacks, leaked…
Ababil of Minab
Ababil of Minab is a new pro-Iranian hacking group. The group named itself after the missile attack on Shajareh Tayyebeh School in Minab, Hormuzgan province in Southern Iran which occured on the 28 February 2026 resulting in the death of…
Ravin Academy
Ravin Academy is an Iranian cybersecurity training academy established in 2019 with the aim of improving Iran’s cybersecurity industry by providing advanced educational, research and cybersecurity services. It also functions as a sophisticated cyber-attack group, actively involved in espionage, sabotage…
Charming Kitten
Charming Kitten is an Iranian state-aligned cyber actor that seeks to target human rights activists, academic researchers, media outlets and individuals who are of interest to Iran’s government and security agencies. Unlike other Iranian APT groups focussed on disruptive cyber…
Helix Kitten
List of names used by the industry: Sub group: Lyceum (also known as HEXANE, Storm-0133, SiameseKitten) Date founded: Active since at least 2014. Affiliation: Iranian state-sponsored. Affiliated to Iran’s Ministry of Intelligence and Security (MOIS). Operations primarily to conduct cyber…
Cyber Av3ngers
List of names used by industry: Date founded: Affiliation: Cyber Avengers (CA) is an Iranian hacking group affiliated to the Islamic Revolutionary Guard Corps (IRGC) and Shahid Kaveh. It is reportedly the Iranian Regime’s most prolific hacking group focussing on…