TLDR: Leaked documents show that several Iranian cybersecurity contractors, such as Emen Net Pasargad and Mahak Rayan Afraz, belong to networks of government officials and cybersecurity specialists with links to the Iranian Revolutionary Guard Corps. These contractor firms are responsible for attacks on democratic processes, for targeting industrial control systems and critical infrastructure, and for compromises at major financial institutions. The leaked data highlights networks of contractors and individuals responsible for cyber operations; these networks constitute “cyber centers” tied to Iran’s military and intelligence organizations. The contractors are suspected of links to the threat actors tracked as Cotton Sandstorm and Imperial Kitten. Sanctions have led some contractors to shut down, but experts expect them to resume operations under different names. Within Iran, these contractors are likely regarded as legitimate commercial entities. The Iranian contractors are not alone in such arrangements with government officials; Russia’s cyber operations are also often run by private companies. The contractors highlighted in the report profit not only from operations in Iran but also from selling services across the border to other nations, including Iraq, Syria, and Lebanon.
Iran’s Cyber Centers skillfully evade sanctions, peddling cyber mastery