Cyber Incident Victim: Iranian Civil Defense Agency

On June 17, 2019, Iranian authorities announced the dismantling of a cyber espionage network attributed to the U.S. Central Intelligence Agency (CIA). Ali Shamkhani, Secretary of Iran’s Supreme National Security Council, stated that Iranian intelligence agencies had identified and neutralized what he described as "one of the most complicated CIA cyber espionage networks," which allegedly played a significant role in CIA operations across multiple countries. The operation reportedly occurred "a while ago" prior to the public announcement, though no exact timeframe was provided. Shamkhani claimed Iran shared intelligence about the exposed network with allied nations, leading to the identification and arrest of several CIA intelligence agents in unspecified countries. He did not disclose the number of individuals detained or their locations. The public disclosure was justified by Shamkhani as necessary for public awareness, citing unspecified prior U.S. releases of information about the case.

This announcement occurred amid escalating tensions between the U.S. and Iran following the Trump administration’s withdrawal from the 2015 nuclear deal and its imposition of sanctions targeting Iran’s oil exports. The U.S. had recently accused Iran of attacking two oil tankers in the Gulf of Oman on June 13, 2019—an allegation Iran denied. Concurrently, the U.S. military deployed a carrier strike group and bombers to the region while announcing plans to send 1,500 additional troops, heightening fears of direct conflict. The Iranian narrative framed the cyber espionage network’s exposure as a countermeasure to U.S. pressure campaigns, though no technical details about the network’s methods, targets, or Iranian detection techniques were disclosed. No U.S. acknowledgment or independent verification of the alleged network or arrests was reported in the source material.