New evidence shows that Iranian intelligence and military services are linked to cyber operations targeting Western countries through a network of contracting companies.
A multi-year series of breaches and data collection efforts led by anti-Iranian government hacktivist and dissident networks has exposed a complex web of organizations linked to the Islamic Revolutionary Guard Corps (IRGC) that are involved in cyberattacks and information manipulation campaigns.
Recorded Future, a cyber threat intelligence provider, discussed some of its findings in a new report published on January 25, 2024.
At least four intelligence and military organizations associated with the IRGC were found to be involved with most of the cyber contracting parties. These include:
- IRGC Electronic Warfare and Cyber Defense Organization (IRGC-EWCD)
- IRGC Intelligence Organization (IRGC-IO)
- IRGC Information Protection Organization (IRGC-IPO)
- IRGC Foreign Operations Group, also known as Quds Force (IRGC-QF)
“Each organization has specific Advanced Persistent Threat (APT) groups that are closely related. ) was linked to the IRGC-IO through the persona by the rebel group Lab Dookhtegan,” the report said.
Leaks analyzed by Recorded Future indicate that these agencies maintain long-standing relationships with Iran-based cyber contractors. Public records also show that the web of front companies connected through individuals known to provide services to various branches of the Revolutionary Guard continues to grow.
Cyber operators involved in offensive cyber activities include Ayandeh Sazan Sepehr Aria Company, Sabrin Kish and Soroush Saman Company, as well as Najee Technology Hooshmand Fater LLC, Emen Net Pasargad and other sanctioned organizations, according to the report.
However, researchers found that there was constant movement within the network of Iran-based cyber contractors, with companies frequently disbanding and rebranding to obscure their activities.
“We have observed that human resources members, typically referred to as ‘board members,’ share roles across different contracting companies. Some of the data reveals the names of high-ranking Revolutionary Guard Corps officials said to be responsible for leading and coordinating Iran’s offensive cyber ecosystem,” Recorded Future researchers wrote.
Involved in 2020 US presidential election manipulation campaign
Through their relationships with these cyber contractors, the Iranian government agencies listed above have been directly involved in, if not otherwise connected to, ransomware attacks against major U.S. financial institutions, the targeting of industrial control systems (ICS) in the U.S. and around the world, and attacks on various industries, including healthcare providers such as children’s hospitals.
They also use a combination of information manipulation and cyber intrusions to destabilize target countries. For example, some of these contractors were involved in targeting the 2020 U.S. presidential election.
Finally, some of these contractors have been found to be exporting their technology overseas for both surveillance and attack purposes.
The leaks indicate that IRGC-related cyberattack infrastructure was used, for example, to deploy financially motivated attacks.
Finally, based on these leaks, Recorded Future researchers concluded that U.S. government sanctions are likely an effective legal and diplomatic tool, making it increasingly difficult for IRGC-affiliated cyber companies to evade detection.
“These efforts are also likely to have a negative impact on contractors’ ability to openly recruit new skilled workers,” the report said.