xorl %eax, %eax

Iran Cyber Operations Groups

with 4 comments

Unsurprisingly, after Russia, US, China, DPRK (North Korea), and EU… Here comes the mapping of the offensive cyber operations groups of Iran that have been attributed to a known government entity. Just like in the previous posts, sources and change log are available under the diagram.

If you notice anything missing, incorrect information, mistakes or anything like that please let me know to update it accordingly.

Last update: 13 January 2022



  • Version 2.0 (13 Jan 2022): Updated MOIS based on US CYBERCOM statement.
  • Version 1.5 (06 May 2021): Fixed a typo. Added missing “Focus” entries.
  • Version 1.2 (06 May 2021): Minor fixes (typos, etc.)
  • Version 1.0 (06 May 2021): First publication.

Written by xorl

May 6, 2021 at 13:00

4 Responses

Subscribe to comments with RSS.

  1. how did you miss israel. its a major player. please do for it.


    May 16, 2021 at 12:34

  2. I only know of IDF Unit 8200 doing offensive cyber operations in Israel and being linked with known APT groups.

    I have it in my backlog.


    May 17, 2021 at 15:17

  3. hello. nice job! could you share how you link DomesticKitten to IRGC-IO ? is there opensource attribution ?


    June 15, 2022 at 18:12

  4. It’s highlighted in the sources. Check the ones referencing DOMESTIC KITTEN.


    June 22, 2022 at 07:18

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: