An Iranian Hacker Confesses

Government agencies and security experts are concerned that retaliatory cyberattacks against the Western world are highly likely after President Trump's 8th May announcement that the United States would abandon the Iran nuclear deal.

Given that the Islamic Republic of Iran commonly responds to sanctions with offensive cyber campaigns, understanding the hierarchy of Iran's hackers offers insight into how to best defend against the looming prospect of risk.

The Insikt Group, a threat research team that is part of Recorded Future community, has released new research on cyber-activity in Iran.

The information was garnered through interviews with a former Iranian hacker, who started one of Iran's first security forums. 

"Judging from historical patterns, the businesses likely to be at greatest risk are in many of the same sectors that were victimised by Iranian cyber-attacks between 2012 and 2014 and include banks and financial services, government departments, critical infrastructure providers, and oil and energy," wrote Levi Gundert, VP of threat intelligence at Recorded Future.

Iranian cyber-operations have long been administered through a tiered approach, using a trusted group of middle managers to translate intelligence priorities into segmented cyber-tasks. Those tasks are then bid out to multiple contractors, a system that pits contractors against each other for influence with the Iranian government. In addition, the Insikt Group analysed web traffic across prestigious academic institutions to find several activities of concern emanating from various registered ranges. 

These include allocated IP spaces of Iran's Cyberspace Research Institute, the Imam Hossein Comprehensive University and the Mabna Institute, which was publicly identified in an FBI indictment (pictured) as a front company engaged in hostile state-sponsored cyber-espionage.

Iran has a unique dynamic between trust and skill in selecting contractors to work for the Islamic Republic in accomplishing its offensive cyber-campaigns. 

However, "We believe that contractor selection for this response may favor speed and skill over trust and loyalty, resulting in the use of new or unproven contractors," said Gundert. 

"New or unproven contractor’s actions could result in a destructive attack with potentially wider impact than originally envisioned by the Iranian government."

"American businesses should be aware of Iran’s history and the likely response that these economic sanctions will trigger. Specifically, the financial services and energy industries should be preparing for the Iranian government’s response," said Gundert.

Infosecurity Magazine

You Might Also Read: 

Iran Likely To Retaliate With Cyberattacks:

Iranian Hackers Have Infiltrated US Infrastructure:


 

 

« Is the Pentagon Cloud Secure Enough to Hold Nuclear Secrets?
Preventing Another Wannacry »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Concise Technologies

Concise Technologies

Concise Technologies provide specialist IT and telecoms solutions, support services, managed backup, disaster recovery, cyber security and consultancy to SME businesses across the UK and Europe.

Towergate Insurance

Towergate Insurance

Towergate Insurance is a leading UK specialist insurance broker. Business products include Cyber Liability Insurance.

PROMIA

PROMIA

PROMIA is in the business of providing solutions that are designed to support highly secure, reliable, scalable and interoperable business applications.

Cybernetic Global Intelligence (CGI)

Cybernetic Global Intelligence (CGI)

CGI is a global IT Security firm that helps companies protect their data and minimize their vulnerability to cyber threats through a range of services such as Security Audits and Managed Services.

QA

QA

QA is a leading IT training provider in the UK with over 1,500 courses covering all areas of IT including Cyber Security.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Wipe-Global

Wipe-Global

Wipe-Global is specialized in data erasure with an international established service partner network.

Quantum Security

Quantum Security

Quantum's game-changing approach to cybersecurity brings you performance and peace-of-mind, with a raft of additional benefits: it's non-proprietary, comprehensive, scalable, and affordable.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

Forever Group

Forever Group

Forever Group is a Managed Services Provider specialising in Telecommunications, IT Support, and Cyber Security.

AB Handshake

AB Handshake

AB Handshake offers a game-changing solution for telecom service providers that eliminates fraud on inbound and outbound voice traffic.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Otava

Otava

Otava is a global leader of secure, compliant hybrid cloud and IT solutions for service providers, channel partners and enterprise clients.

Arcserve

Arcserve

Defend your data with Arcserve all-in-one data protection and management solutions designed to be the right fit for your business, regardless of size or complexity.

Socura

Socura

Socura helps make the digital world a safer place; changing the way organisations think about cyber security through a dynamic, innovative, and human approach.