According to a new study released on Wednesday, a team of prolific Iranian IRGC hackers has likely been crucial to Iran’s attempts to monitor its domestic and international foes in recent years by targeting US government officials, Iranian dissidents, and journalists.
According to research from US cybersecurity firm Mandiant, the hackers have attempted to hack into the mobile phones of Iranian dissidents as well as the email accounts of US government officials concerned with Iran policy. This emphasizes how heavily the IRGC’s surveillance apparatus is allegedly dependent on cyber operations.
The study was released a month after US prosecutors made public an indictment of an IRGC member for his alleged participation in a plan to kill former US national security advisor John Bolton. Iranian hackers are not connected to that scheme in the Mandiant report. Analysts do, however, connect the hackers to repression: in 2018, they are said to have targeted the Gmail account of an Iranian activist who had been detained by the Iranian government earlier that year.
The report claims that between March and June of last year, the hackers targeted US government officials concerned with the Middle East and Iran policy using a stolen email account belonging to a member of a US-based think group.
It’s not known whether the US government agency was the target of the hacking efforts or if they were successful. A representative at Mandiant declined to provide any context on the story. Regarding the suspected Iranian hacking attempts against US government accounts, CNN has asked the National Security Council for comment.
Based on the hackers’ objectives, which align with the IRGC’s goal of pursuing external threats to the regime and perceived domestic opponents, Mandiant researchers said they had “moderate confidence” that the hacking organization described in their study is affiliated with a spy agency inside the IRGC.
The Iranian government appears to have “trusted the hackers to rapidly react to geopolitical shifts by changing their flexible operations to targets of operational interest to Tehran,” according to Mandiant’s study.