Iran’s Cyber Centers skillfully evade sanctions, peddling cyber mastery

TLDR: Several cybersecurity contractors in Iran, such as Emen Net Pasargad and Mahak Rayan Afraz, are part of networks of government officials and cybersecurity specialists that have links to the Iranian Revolutionary Guard Corps, according to leaked documents. These contractor firms are responsible for attacks on democratic processes, targeting industrial control systems and critical infrastructure, and compromises at major financial institutions. The leaked data highlights networks of contractors and individuals responsible for cyber operations that constitute “cyber centers” that link to Iran’s military and intelligence organizations. The contractors are suspected to be linked to threat actors known as Cotton Sandstorm and Imperial Kitten. Sanctions have resulted in some contractors shutting down, but experts expect them to restart under different names. These contractors are likely considered legitimate commercial entities in Iran. The Iranian contractors are not alone in their arrangements with government officials, as Russia’s cyber operations are often run by private companies. The contractors highlighted in the report are not only profiting from operations in Iran but also across the border by selling services to other nations, including Iraq, Syria, and Lebanon.