Public records and documents leaked by Iranian anti-government groups suggest that several Middle Eastern cybersecurity firms are part of networks of government officials and cybersecurity specialists that have links to the Iranian Revolutionary Guard Corps. The firms have contributed to, or are responsible for, cyber attacks on democratic processes in Western countries, have targeted industrial control systems and critical infrastructure, and have caused compromises at major financial institutions.
In the cybersecurity community, the contractors are suspected of being linked to the activities of the Cotton Sandstorm and Imperial Kitten threat actors, respectively. The research and leaked data show many contractors and individuals who are responsible for cyber operations linked to Iran’s military and intelligence organizations. The US had previously sanctioned groups connected to Iranian intelligence after cyberattacks on critical infrastructure occurred in the US and European countries. As a result of these sanctions, several contractors in Iran have shut down, but experts expect them to restart under different names.
Read More: Iran’s ‘Cyber Centers’ Dodge Sanctions to Sell Cyber Operations