Iranian Cyberwarfare History and Capabilities

State of (Cyber)War Episode 6.2

In part III of our Middle East cyberwarfare mini-series, Hugo Tarrida and John Salomon talk about probably the most complex topic yet – Iran.

Following our analysis of the broader Middle East region, and of Israeli capabilities and activities, today’s episode is an overview of Iran – the history of its online conflict capabilities, the history behind the establishment of these, and some major cyberattacks and influence campaigns attributed to the country and its various agencies and stakeholders.

Notes and Links:

As with our previous video on Israel, it’s difficult to judge the impartiality and factualness of many websites describing Iranian capabilities. We will thus stick to Wikipedia unless there’s something better – we tend to trust most US or European government agencies’ and mainstream vendors’ analysis, and certain reputable news sites unless there is a compelling reason not to do so.

We lean a lot on “the usual suspects” such as the BBC, The Guardian, the Council on Foreign Relations, and particularly, Wikipedia; yes, we know you’re not supposed to do that. As always, do your own homework and draw your own conclusions; we’re not here to push a narrative.

We have our own views and opinions of current events. This discussion is not intended to endorse or condemn any particular viewpoint.

As with Hebrew, we don’t speak a word of Farsi. Online translations tend to be even less consistent than those for Hebrew, so again, your mileage may vary.

01:24 Because someone will inevitably get mad, and we don’t want that.
02:13 Islamic Republic of Iran Armed Forces: (or if you prefer the official website:
02:02 IRGC:
02:18 IRGC, aka “Sepah” (in Iran, according to Wikipedia): – a very cursory search didn’t yield an official website. Possibly they have some SEO work to do.
02:29 Quds Force:
02:34 Hezbollah:
02:35 Houthis:
02:58 We may have gotten confused here – the US government has multiple pages listing sanctions on the “IRGC-CEC”, but outside of these, and news articles covering these sanctions, we can’t really find anything on this organization. There is, however, the IRGC Cyber Defense Command:
03:50 A lot of information comes from either US government sanctions (see above), Iranian anti-government activist groups, and vendors/CSIRTs providing threat actor information – it is surprisingly difficult to find objective, well-researched information on IRGC and regular armed forces cyber actors. The language barrier is probably a major issue.
03:45 Information on the Supreme Council of Cyberspace (BBC: Supreme Council of Virtual Space) is slim, for example or Wikipedia’s page at – the official website has a lot of photos of guys in hats meeting and looking serious.
05:07 National Information Network:
05:17 Great Firewall of China: – this comparison may be a bit of a stretch, although by some accounts we’ve read, Iran’s domestic Internet offers pretty high speeds as well as content filtering/surveillance, so maybe it’s not a terrible analogy.
06:20 Al Jazeera article on the topic:
07:20 – includes a link to INSS report on the topic (the mentioned Israeli think tank)
07:51 Honker Union:
07:57 2010, sorry. Article:
08:44 For example: and – that said, we may have gotten things a bit mixed up since there are also a lot of non-malware (of the massive-pile-of-FPGA type) Iranian cryptominers – a bunch of which were shut down in 2019 after power usage concerns:
09:16 Russian government entities may not be big ransomware actors, but Russian state-affiliated and state-tolerated actors are sure a different story…
09:40 A 2022 indictment of Iranian ransomware actors came alongside OFAC sanctions of IRGC-affiliated ransomware attacks around the same time:
11:12 OilRig / Helix Kitten:
13:52 Shamoon:
14:00 Sony Pictures hack:
14:55 Operation Ababil:
15:24 Nope, not gonna link it
16:37 Edalat-e Ali: – note that a lot of sites discussing this group seem to have a decidedly anti-regime view. Not that that’s a bad thing, but we’re really trying to keep it factual
18:18 Islamic Republic of Iran Broadcasting: + – again, the Iranian government is really not great at (at least English language/international) SEO for their own websites
21:30 – according to a Persian language website linked to in the above Wikipedia article, Khamenei ordered the Supreme Council of Cyberspace to ban VPNs outright in February 2024.
23:04 AnonGhost; – a lot of sites associate it with #OpIsrael, for example – but given Anonymous’ decentralized and fluid nature, who knows (a case study on JSTOR (pdf) that makes only passing reference to #OpIsrael refers to “Anon” as a group which it most certainly is not…)
34:54 Press TV: – Wikipedia:
38:06 Also check out our episode on Chinese disinformation activities, including the 50 Cent Party:

Bonus links about Iranian disinformation activities:

Natto Thoughts always has some good resources on disinformation:
New York Times – “From Opposite Sides of War, a Hunt for Elusive Facts”:
Israel-Hamas armed conflict resource hub:
How Longstanding Iranian Disinformation Tactics Target Protests –

You can find CyAN’s Secure-in-Mind YouTube channel at – and of course, our videos about cyber conflict on the State of (Cyber)War playlist here. All of our episodes are also available in audio format on Apple iTunes, Amazon Audible, Podcast Republic, Spotify, and Libsyn – links on our Media page.