The cybersecurity agencies of the U.S. and Israel have recently issued an advisory linking an Iranian cyber group to activities targeting the 2024 Summer Olympics. The group reportedly compromised a French commercial dynamic display provider and used it to display messages that criticized Israel’s involvement in the event.
The group responsible for these actions has been identified as Emennet Pasargad, which has been operating under the alias Aria Sepehr Ayandehsazan (ASA) since mid-2024. This group is also referred to in the cybersecurity community under various names, including Cotton Sandstorm, Haywire Kitten, and Marnanbridge.
“The group has demonstrated new methods in executing cyber-enabled information operations into mid-2024 using various cover personas,” stated the advisory. “This includes multiple cyber operations that occurred during the 2024 Summer Olympics, specifically the breach of a French commercial display provider.”
According to the U.S. Federal Bureau of Investigation (FBI), the Department of Treasury, and the Israel National Cyber Directorate, ASA has also been involved in stealing content from IP cameras and employing artificial intelligence (AI) tools like Remini AI Photo Enhancer, Voicemod, and Murf AI for voice modulation, as well as Appy Pie for image generation to disseminate propaganda.
Regarded as part of the Islamic Revolutionary Guard Corps (IRGC), the threat actor is known for its cyber and influence operations under various personas such as Al-Toufan, Anzu Team, Cyber Cheetahs, Cyber Flood, For Humanity, Menelaus, and Market of Data.
One notable tactic recently observed involves using fictitious hosting resellers to create operational server infrastructure for its own needs and for another actor in Lebanon, aiding the hosting of websites affiliated with Hamas.
The advisory noted, “Since about mid-2023, ASA has utilized multiple cover hosting providers for managing infrastructure and obscuring its actions. These providers include ‘Server-Speed’ and ‘VPS-Agent.’”
Additionally, “ASA established its own resellers and secured server space from European providers, including BAcloud in Lithuania and Stark Industries Solutions/PQ Hosting in the UK and Moldova, respectively. ASA uses these resellers to supply operational servers for its malicious cyber activities.”
The attack on the unnamed French commercial display provider occurred in July 2024, utilizing VPS-Agent infrastructure to project photo montages that criticized Israeli athletes’ participation in the Olympics and Paralympics.
Moreover, ASA allegedly attempted to reach out to Israeli hostage families following the onset of the Israeli-Hamas conflict in early October 2023, under the persona Contact-HSTG, sending messages likely intended to inflict psychological harm.
This threat actor is also linked to another persona known as Cyber Court, which promoted activities of various cover-hacktivist groups both on a Telegram channel and a dedicated website.
Both the vps-agent.net and cybercourt.io domains have since been seized as part of a collaborative law enforcement action by the U.S. Attorney’s Office for the Southern District of New York and the FBI.
Further developments indicate that following the outbreak of war, ASA has been exploring and collecting data from IP cameras in Israel, Gaza, and Iran, as well as gathering intelligence on Israeli fighter pilots and drone operators through various online platforms.
In a related effort, the U.S. Department of State has introduced a reward of up to $10 million for information leading to the identities or locations of individuals linked to an IRGC-affiliated hacking group known as Shahid Hemmat, which has targeted critical infrastructure in the U.S.
“Shahid Hemmat is connected to cyber attacks directed at the U.S. defense industry and international transportation sectors,” the State Department said.
Furthermore, it has been noted that as part of IRGC-CEC, Shahid Hemmat has associations with numerous IRGC-CEC members and organizations, including specific named individuals and the company Emennet Pasargad.