Researchers Discovered Iranian State-Sponsored Ransomware Operation!

According to the investigation, an Iranian state-sponsored group is linked to ransomware operations. Iran's Islamic Revolutionary Guard Corps (IRGC) was executing a state-sponsored campaign with the help of an Iranian organization named Emmen Net Pasargad (ENP).

The experts said that three documents were leaked on a Telegram channel between 19th March and 1st April by a company identified as "reading My Links". The operation, dubbed Project Signal, was to be kickstarted between July 2020 and September 2020 with the assistance of ENP's internal research organization, called the Studies Center, which has a list of multiple targeted websites.

The experts also verified another spreadsheet, which details that the ransomware operations were planned to launch between Oct 18 and 21. It also outlines other workflows, including the steps for receiving payment in Bitcoin and decrypting the sealed data.

Law enforcement agencies are still not clear on who is conducting these attacks and who the targets are.

But the researchers said that ENP works for Iran's intelligence department, providing cyber capabilities and also assisting Iran's Islamic Revolutionary Guard Corps and Iran's Ministry of Intelligence and Security.

The project's ransomware is suspected of being a subterfuge technique: by using the tactics and procedures of other financial ransomware groups, the operators may blend in with other threat groups, which makes attribution harder.

Project Signal is also associated with an Iranian ransomware campaign called Pay2Key, which ensnared multiple Israeli organizations in November or December. Another cybersecurity firm said that this attack group is named Fox Kitten, and due to a lack of information it is still not clear who is leading these campaigns.

Summing Up

This is not the first time the organization Lab Dookhtegan has leaked confidential information associated with Iran's cyber groups. It also leaked the secrets of an Iranian attack group named APT34. The organization published material on the adversary containing details of its hacking tools, along with information on 66 organizations and on Iranian government agents.

Iran's other ransomware operations will also be linked with a group of tech firms and government organizations named the Ransomware Task Force. The organization shared an 81-page report with a list of 48 other ransomware attacks. This will help targeted organizations counter these attacks in the future.