CyberAv3ngers
Country: Islamic Republic of Iran
Organization: Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC)
Objective: Disruption
(Page Last Updated: January 19, 2025)
Aliases:
- CyberAv3ngers (CERT-FA, CISA, ETDA, Fortinet, Kaspersky, Malpedia, MITRE, SentinelOne)
- Storm-0784 (Microsoft)
Links to Other Groups/Personas
Identified Members
- Hamid Reza Lashgarian (حمیدرضا لشکریان): head of IRGC-CEC, also IRGC-Qods Force commander
- Hamid Homayunfal (حمید همایون فال): IRGC-CEC senior official
- Mahdi Lashgarian (مهدی لشکریان): IRGC-CEC senior official
- Milad Mansuri (میلاد منصوری): IRGC-CEC senior official
- Mohammad Bagher Shirinkar (محمد باقر شیرین کار): IRGC-CEC senior official
- Mohammad Amin Saberian (محمد امین صابریان): IRGC-CEC senior official
General Information
Vulnerabilities Exploited
- CVE-2023-6448 (9.8 critical, in CISA's KEV Catalog): Unitronics Vision PLC and HMI Insecure Default Password Vulnerability (Source: CISA)
- CVE-2023-28130 (7.2 high): Check Point Gaia Portal Privilege Escalation Vulnerability (Source: SentinelOne)
Tactics, Techniques, and Procedures
Mapped to MITRE ATT&CK
References
Disclaimer: Not an exhaustive list of resources. Most contain actionable intelligence, not just news reporting.
Links (Sorted in Chronological Order)
2024
- December 18, 2024 – CISA: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities (UPDATE)
- October 09, 2024 – OpenAI: Influence and cyber operations: an update (PDF)
- February 02, 2024:
  - U.S. State Department: Designating Iranian Cyber Officials
  - U.S. Treasury: Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (ATTRIBUTION to IRGC-CEC)
2023
- December 01, 2023 – CISA: IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including US Water and Wastewater Systems Facilities (ATTRIBUTION to IRGC)
- November 30, 2023 – SentinelOne: Iran-Backed Cyber Av3ngers Escalates Campaigns Against U.S. Critical Infrastructure
- November 28, 2023 – CISA: Exploitation of Unitronics PLCs used in Water and Wastewater Systems
- November 26, 2023 – CBS News: Municipal Water Authority of Aliquippa hacked by Iranian-backed cyber group (news article)
- October 16, 2023 – Kaspersky: A hack in hand is worth two in the bush
Feedback: Please direct message any comments, concerns, corrections or questions to https://infosec.exchange/@screaminggoat