Menu
Browse

Cyber Threat Actor: Adalat Ali

Aliases: 3 aliases
Actor Type Location Known Incidents
 Icon
Activist
Iran
4 incidents
Profile

The group operates under the aliases Adalat Ali, Ali's Justice and Edalat-e Ali, and is based in Iran. It functions as a hacktivist group that has conducted a series of cyber operations against Iranian government targets since at least 2021. The group publicly claims responsibility for its actions via Telegram channels and social media posts. Its activities are framed as support for domestic protest movements and opposition to the ruling authorities.

The group's primary targets are Iranian state media outlets, including the Islamic Republic of Iran Broadcasting television and radio transmissions, and internal security systems such as prison CCTV networks. By hijacking live broadcasts and web streams, the group aims to disrupt official messaging and disseminate anti‑regime slogans. Its stated objectives include encouraging citizens to withdraw funds from state banks, join nationwide protests, and demand the removal of senior leaders. These actions serve a dual purpose of causing operational disruption and amplifying political dissent.

The group's observed tactics involve signal hijacking of terrestrial TV feeds, compromise of web‑based streaming platforms, and unauthorized access to internal surveillance systems. In the television incidents the group replaced legitimate programming with pre‑produced video or text messages urging protest actions. In the prison operation they breached the control room of Evin prison, rebooted systems and leaked video footage of inmate abuse to international media outlets. The group relies on public messaging platforms such as Telegram to announce successes and distribute leaked material.

No public evidence links the group to a foreign state sponsor, and it is not described as part of a known criminal consortium or mercenary outfit. Attribution remains limited to the group's own claims and independent media verification of the disclosed incidents. Consequently, the group is assessed as an ideologically motivated hacktivist operating independently within Iran.

Representative operations conducted by the group include the February 2023 Revolution Day hack that substituted the president's speech with anti‑government slogans and calls for bank withdrawals, the October 2022 TV breach that displayed the supreme leader in crosshairs alongside images of protest victims, the February 2022 web‑stream hijack during an Iran‑UAE soccer match that repeatedly aired a protest‑encouraging video, and the August 2021 Evin prison CCTV intrusion that exposed systematic abuse of detainees. Each incident was followed by a public claim of responsibility and subsequent media coverage of the leaked content or broadcast disruption.

Incidents
Attributed incidents available to members
4 incidents
Sources
Sources available to members
3 sources