Cyber Threat Actor: Iranian Revolutionary Guard Corps
| Actor Type | Location | Known Incidents |
Nation State
|
Iran
|
2 incidents |
|---|
Profile
The threat actor known publicly as the Revolutionary Guard, also referred to as the Iranian Revolutionary Guard or the Iranian Revolutionary Guard Corps, operates from Iran and is recognized as a state‑sponsored entity. Its affiliation with Iran’s military establishment has been cited in multiple official attributions linking its cyber activities to the country’s strategic interests. The actor’s identity is consistently tied to the Revolutionary Guard’s mandate to conduct operations that support national objectives through both conventional and unconventional means.
Targeting patterns observed in publicly reported incidents show a focus on governmental and critical infrastructure sectors in Western nations. In late 2018 the actor conducted a broad campaign against United Kingdom infrastructure, compromising personal data of executives from organizations such as the Post Office and targeting financial institutions, local government networks, and high‑tech firms to acquire intellectual property and create societal disruption. Earlier, in November 2015, the same actor directed intrusions toward officials of the Obama administration, gaining access to email and social media accounts in what U.S. officials described as a retaliatory measure following the arrest of an Iranian‑American businessman in Tehran. These operations demonstrate a dual emphasis on economic espionage and political disruption, with the stated goals of destabilizing adversarial societies and advancing state‑directed intelligence collection.
The two campaigns represent the most detailed examples of the actor’s publicly disclosed activity. The 2018 UK‑focused effort was characterized by widespread data theft and was met with mitigation support from national cybersecurity authorities, who explicitly attributed the effort to individuals associated with Iran’s Revolutionary Guard. The 2015 intrusion against U.S. officials was similarly attributed to the Revolutionary Guard’s military force and highlighted the actor’s capability to infiltrate high‑level government communications. Both incidents underscore the actor’s reliance on state backing and its use of cyber tools to pursue strategic aims that combine espionage with attempts to undermine confidence in targeted institutions. No further technical details such as specific malware families or initial access vectors are provided in the source material, so the profile remains confined to the confirmed facts of attribution, targeting, objectives, and the outlined operations.
