A hacktivist group known as “Lab Dokhtegan” (“Sealed Lips”) has published the identities of a number of alleged hackers working for the IRGC’s cyber division.
In a series of posts on Telegram at the weekend, the group named and shared the pictures of 15 people working for two companies, Naji Technology and Afkar System. These, it said, were “cover companies” affiliated with the IRGC.
The individuals were said to be members of well-known pro-regime cybercrime outfits including Phosphorus, Charming Kitten, Cobalt Mirage, Nemesis Kitten and TunnelVision, which have carried out a series of sophisticated attacks on targets within and outside Iran in recent years.
Apart from trying to steal information or cause disruption in Europe and the US, Lab Dokhtegan said these groups had also used programs like BitLocker to encrypt victims’ computers, then extort them for ransom money.
Accusing the “bastards of Sepah” of “stealing money for themselves and the disgusting regime”, the group wrote on Telegram: “We strongly condemn the waste of our people’s money on funding these terrorist activities. We will do everything we can to inform the victims and their governments about the identity of their attackers.”
Last year the US Cybersecurity and Infrastructure Security Agency (CISA) said hacking groups backed by the Islamic Republic were exploiting weaknesses in platforms like Microsoft Exchange and Frontier to infiltrate target entities.
Last month it also emerged that in the summer of 2021 the FBI thwarted a “despicable” attempted attack on Boston Children’s Hospital. This was attributed to Iran, which uses many of the same techniques as state hackers in North Korea.
Lab Dokhtegan has said it may publish further information on the group in due course.