Iran International has obtained photos of key Iranian players in global cyberattacks who are affiliated with various government intelligence agencies in Tehran.
The most recent case of a destructive cyberattack attributed to Iranian intelligence operatives was an intrusion by hackers into Albanian government computer systems that began in 2021 and ended with a massive disruption in July, according to Microsoft’s security investigations. The Iranian hackers stole information and disrupted public services because Albania is hosting an opposition group.
Last week, Albania cut diplomatic relations with Iran and expelled its diplomats; immediately afterwards, Albanian security forces entered the embassy compound looking for evidence.
The United States imposed sanctions on Iran’s intelligence ministry and its minister, with NATO also expressing support for its member state Albania.
According to information obtained from the cybersecurity firm Backdoor, the head of cyber warfare for Iran’s Revolutionary Guard (IRGC) is a person identified as 61-year-old Hamidreza Lashkarian (Lashgarian), who lives in Tehran and is apparently a university lecturer with published articles. He has a background of involvement in various IRGC intelligence operations against commercial navigation and in other clandestine activities.
Last year, a group called Sayyad Project targeted the airport of Albania’s capital, Tirana. An anti-Iran cyber group called Lab Dookhtegan, or Read My Lips, revealed the identity of the person directing the cyberattack as Mohammad-Bagher Shirinkar.
Iran International has obtained his photo from Backdoor. His alias is Mojtaba Tehrani, and he has been sanctioned by the United States for his ties with the IRGC.
His brother Mohammad-Hossein Shirinkar is also one of the main actors in the Sayyad group. He is reportedly the head of the IRGC Intelligence Inspectorate, according to Lab Dookhtegan.
Another operator is Mehdi Hashemi Tughraljardi, the brother-in-law of the Shirinkar brothers. He is also sanctioned by the US and is the general director of a digital company in Tehran.
Microsoft’s investigation reached a clear conclusion about the cyberattacks on Albanian public digital infrastructure. “Microsoft assessed with high confidence that on July 15, 2022, actors sponsored by the Iranian government conducted a destructive cyberattack against the Albanian government, disrupting government websites and public services,” the company said, adding that Microsoft security intelligence assesses that a separate Iranian state-sponsored actor leaked sensitive information that had been exfiltrated months earlier through various websites and social media outlets.
“Microsoft assessed with moderate confidence that the actors involved in gaining initial access and exfiltrating data in the attack are linked to EUROPIUM, which has been publicly linked to Iran’s Ministry of Intelligence and Security (MOIS),” Microsoft said.
According to Microsoft, the attackers were observed operating out of Iran and used tools and wiper code previously used by other known Iranian attackers with a history of targeting other sectors and countries in ways consistent with Iranian interests.