Cybersecurity experts are sounding the alarm as a series of coordinated cyberattacks, attributed to hacker groups with strong ties to Iran’s Islamic transformative Guard Corps (IRGC), have targeted a wide range of global institutions. The campaigns have demonstrated a clear and evolving strategy, moving beyond simple disruption to encompass data theft, propaganda, and psychological operations against financial, governmental, and media organizations.
Recent incidents highlight the scope of the threat. In a high-profile attack, a group identified as “Banished Kitten,” also known as “Storm-0842,” was linked to a campaign that infiltrated the Telegram accounts of journalists at the London-based news outlet Iran International. The attack, which used malware-laced messages, is seen as part of a larger effort to intimidate and silence independent media. This “hack-and-leak” tactic is also evident in political spheres, with U.S. government officials recently indicting IRGC-affiliated hackers for a campaign aimed at influencing a past U.S. presidential election. The indictment alleges the hackers stole and distributed non-public campaign materials to news outlets in a bid to sow discord.
The financial sector has also been a major target. In a recent conflict-related cyberattack, an actor known as “Predatory Sparrow” claimed responsibility for crippling services at two major Iranian banks, Bank Sepah and Pasargad. The attack reportedly wiped banking data and drained millions of dollars in cryptocurrency, causing widespread service disruptions and a temporary halt to military payroll. While this particular attack targeted Iranian institutions, it illustrates the advanced capabilities of these groups and their willingness to use destructive tactics. In the past, similar attacks have been directed at U.S. financial institutions, costing them tens of millions of dollars.
Government agencies and critical infrastructure are also under constant threat. Cybersecurity advisories from agencies like CISA and the FBI have warned that IRGC-affiliated groups routinely exploit poorly secured networks and devices. The groups often leverage known vulnerabilities in outdated software and use brute-force methods to gain access, with the goal of conducting disruptive attacks and data theft. The activities of groups like “CyberAv3ngers” in targeting water utilities and industrial control systems underscore the physical and psychological dangers posed by these state-sponsored cyber actors.
The consensus among cybersecurity analysts is that these groups are not acting as isolated entities but as part of a tightly integrated, state-sponsored cyber apparatus. Their operations are designed to achieve a mix of espionage, sabotage, and propaganda, making them a multifaceted and persistent threat to international stability and security.
