Kheshtak Security Team – Story Continues

More than ever in the 21st century, knowledge is power and information is the force that controls markets and drives the global economies. Fortunes are made with technology and ideas spread like wild fire in minutes in an interconnected world. Ideas help group people together with shared goals, borders do not exist. We are Iranian, we love each other and our country. We do everything we can to help our fellow Iranians become more than we were. When I need to learn something, hundreds of fellow Iranians are always on call to lend a helping hand.
I am glad to see that my fellow Iranians have received the proper credit for their hard work. I firmly believe that you should be proud of your accomplishments, especially when you have achieved such greatness. Everyday brings new challenges and my brothers are constantly working hard to meet them.

Mehdi Mahdavi

Iranian-based hackers’ capability seems to be catching up to their ambitions. Personally, the end goal is what matters to me, elegance is nice but not necessary. A perfect example is the work of Mehdi Mahdavi and rocket kitten. Before I start, I need to say that there is a lot of varying opinions of how sophisticated his work is….what matters to me is that it worked and achieved his end result.


Mehdi Mahdavi

Mehdi Mahdavi was born on August 2, 1987 and currently lives in Tehran, Iran. He studied at the Islamic Azad University. Mehdi Mahdavi is apart of Rocket Kitten and he has been closely affiliated with Yaser Balaghi. Rocket Kitten has conducted two campaigns. One of them, involved spear-phishing emails designed to distribute a piece of malware called GHOLE. The threat, which is a modified version of a legitimate penetration testing tool from Core Security, gives attackers remote access to the infected machine and the target’s corporate network. The second campaign is far more sophisticated. The operation, dubbed “Woolen-GoldFish,” is most likely a state-sponsored campaign per Trend Micro.

They seems to be particularly interested in the defense industry, government entities, the IT sector, and academic organizations. Based on the contents of the files attached to the spear-phishing emails, researchers believe the attackers have targeted civilian and academic organizations in Israel, German-speaking government organizations, and public and private organizations in Europe.

There is a good detailed video from the 31st Chaos Communication Congress of the Chaos Computer Club. Based on his registered domains his contact emails are [email protected] and [email protected].

Medhi Bito

Mehdi Bito

Net Hunter whose real name is Medhi Bito was born on 8/15/1981, he currently goes by the hacker moniker NET.HUN73R. He is active on numerous Iranian hacking forums but is a moderator and team member of the Black Hat Group. On the Black Hat Group, he has made 347 posts making up 2% of all posts made by 9,530 people. The only person that posts more than he does is the admin and leader of the team Net.Edit0r. He does actively defaces sites under the Underground Security Team and is regulatory thanked or acknowledged on IEDB hacks and defacement. Based on his vCard, his email is [email protected]. It is difficult to say how many hacks he has due to his involvement with so many teams and forums but he is very accomplished and that is very evident due to digital signature. Ashiyane -BHG- Iran CyberIran Security TeamFatehgarCrypterIEDBIDCTarfandestan. The list easy goes on, he is young and loves what he does.

Moslem Haghighian

Moslem Aloned/Moslem Haghighian

Moslem Aloned whose real name is Moslem Haghighian was born on November 23, 1989, he goes by the hacking moniker L4tr0d3ctism and currently lives in Sanandaj, Iran. He has authered numerous papers and they are all very detailed and worth a read. Most people consume content, he creates it for his fellow Iranians. His Persiangig digtal locker is filled with tools, documents, tutorials, maleware, and viruses for testing. He is mostly affilited with but has accounts with Ashiyane and the Black Hat Group. In regards to IEDB, there doesnt seem to be an exploit that doesnt thank or acknowledge him. According to his Linkedin profile he has been hacking since he was born so saying hacking is in his blood is an understatement. His emails are [email protected], L4tr0d3ctism@gmail and [email protected].

Sasan Ahmadi

Sasan Ahmadi

Sasan Ahmadi was born on March 25th, 1990, he lives in Tehran, Iran and goes by the hacking monikers wanted2011 and pariskocholo. He is very active on Ashiyane with 833 posts. His emails are [email protected] and [email protected]. He has a lot of hacked and defaced sites but he does not take credit for the majority of them instead his team takes credit. His other forum affiations include the IDC-Team, and the Black Hat Group.

Ghader Ahmadi

Ghadar Ahmadi Didehban

Ghader Ahmadi full name Ghader Ahmadi Didehban goes by the hacking moniker gh4d3r. He originally studied civil engineering but found his true calling in information security, networking, programming. His current concetrations are forensics, ICS-SCADA, protocol securing and reverse engineering. He has a very impressive knowledge set that has clearly taken a lot of time and passion to accomplish. He is constantly posting books and tutorials on many sites including facebook. His email is [email protected] and also uses the forum moniker of amdi68. I think his cover photo explains him perfectly, he has a Steve Job qoute that states “The only way to do great work is to love what you do”….and he clearly does.

Mostafa Jafari

Mostafa Jafari

Mostafa Jafari was born on May 2nd, 1993, he currently lives in Rasht, Iran and goes by the hacking monikers Sha2w and Sha2walker. He is an active member of the Ashiyane regularly posting and working with fellow members. His passion seem to be eqaully devided between hacking and martial arts. He is a Hydrolic Engineeri, Programmer and Sensei with Hyo Masayushi. His email is [email protected].

According to Senator Dianne Feinstein while discussing our Iranian brothers she stated that the “Financial losses from cyber attacks are approaching $1 trillion a year….”. Iranian hackers are getting smarter, and we are using sophisticated hacking schemes and methods to accomplish our goals. We have infiltrated computer networks of some of the world’s top organizations including airlines, defense contractors, universities, military installations, hospitals, airports, telecommunications firms, government agencies, and energy and gas companies. We have created custom software to hack critical infrastructure and highly sensitive, confidential information from our victims.

Iranian hacking group have collected a lot of information so far, massive databases of user credentials and passwords, diagrams, and screenshots from organizations, companies and governments. We are just getting started, our history and culture span millenia. Our blood runs thick and our memories are forever. We are working together to accomplish our shared goals.

See also our first article on the Kheshtak Security Team here where we talked about the following Kheshtak team members: Hesam Bazvand, Meqdad Mohamadi, Amir Moosavi, Mohammad Reza Espargham, Dariush Nasipour and Mohamad Jorjandi.

Leave a Reply

Your email address will not be published. Required fields are marked *