U.S. and Israeli cybersecurity agencies have jointly released a new advisory linking an Iranian cyber group to targeting the 2024 Summer Olympics and infiltrating a French commercial dynamic display provider to showcase messages condemning Israel’s participation in the event.
The responsible entity, identified as Emennet Pasargad operating under the alias Aria Sepehr Ayandehsazan (ASA), has been active since mid-2024 and is also known in the cybersecurity community as Cotton Sandstorm, Haywire Kitten, and Marnanbridge.
According to the advisory, ASA, in collaboration with the U.S. Federal Bureau of Investigation (FBI), Department of Treasury, and Israel National Cyber Directorate, utilized various techniques, including stealing content from IP cameras and employing AI software for spreading propaganda.
The group, believed to be associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), is known for its cyber and influence operations under multiple personas such as Al-Toufan, Anzu Team, and Cyber Cheetahs.
One of the notable tactics employed by ASA involves the use of fictitious hosting resellers to set up server infrastructure for its activities and for hosting websites linked to Hamas.
In July 2024, the group targeted a French display provider using VPS-agent infrastructure to display critical images regarding Israeli athletes in the Olympics.
Additionally, ASA allegedly attempted to reach out to Israeli hostage families post the Israeli-Hamas conflict in early October 2023 to cause psychological distress.
Following a law enforcement operation, domains like vps-agent[.]net and cybercourt[.]io associated with ASA have been seized.
ASA’s actions post the conflict involved obtaining information from IP cameras in Israel, Gaza, and Iran, as well as gathering data about Israeli fighter pilots and UAV operators through various online platforms.
The U.S. Department of State has offered a reward of up to $10 million for information on individuals associated with the IRGC-linked hacking group Shahid Hemmat, known for targeting critical U.S. infrastructure.
For more exclusive content, follow us on Twitter and LinkedIn.
