Iranian state-sponsored actor with strategic intelligence interest in the global energy supply chain. Long-running password-spray and credential-theft campaigns against aviation and defense industria…
Iranian state-sponsored actor publicly assessed to operate on behalf of the Iranian government, with persistent targeting of Middle East government, financial, energy, and telecommunications organiza…
Iranian state-sponsored actor associated with the IRGC. Conducts long-term espionage and credential-phishing operations against journalists, dissidents, U.S. and Israeli government targets, and acade…
Iranian state-affiliated intrusion set publicly attributed to Rana Intelligence Computing — an MOIS (Ministry of Intelligence and Security) front company sanctioned by the U.S. Treasury OFAC in Septe…
Iranian state-aligned hacktivist persona publicly attributed by the U.S. Treasury OFAC in February 2024 as a front for the IRGC Cyber-Electronic Command. Conducts opportunistic compromise of internet…
Pro-Palestine hacktivist persona operated by the Iranian MOIS-affiliated **Void Manticore** cluster — see the parent actor entry for the full attribution chain. Named for the Naji al-Ali cartoon char…
Public-facing hacktivist persona operated by the Iranian MOIS-affiliated Void Manticore cluster, used for the July 2022 destructive intrusion of the Albanian government's central IT infrastructure. T…
Iranian state-sponsored actor publicly attributed in 2022 by U.S. Cyber Command to subordinates of the Ministry of Intelligence and Security (MOIS). Conducts espionage and access operations against t…
Iranian state-affiliated intrusion set publicly attributed by FBI, CISA, and DC3 in joint advisory AA24-241A as connected to the Government of Iran and operating partly through an Iranian IT-services…
Iranian state-sponsored intrusion set publicly attributed to the Ministry of Intelligence and Security (MOIS), specialised in destructive operations and conducting them under a rotating set of public…