TEMP.Zagros
| Primary URL | Location | Industry |
|---|---|---|
| Undetermined | Country: Iran | Government - National |
Profile
TEMP.Zagros is an Iranian cyber-espionage entity that conducts intelligence gathering operations. It develops and deploys custom malware and manages command-and-control infrastructure to compromise target networks. The group focuses on harvesting data from the aviation and travel sectors, including passenger manifests, payment details, and reservation records. Its activities are directed both against domestic Iranian targets and foreign organizations abroad. These operations are intended to support state interests through the acquisition of sensitive personal and operational information.
The publicly available sources do not disclose the organization's size, employee count, or financial scale. No explicit figures regarding annual revenue, budget, or number of operatives are provided in the leak reports or related disclosures. While the 2019 leak revealed specific operational details, it does not quantify the overall reach or capacity of TEMP.Zagros. Consequently, any description of its scale would rely on speculation and is therefore omitted. The absence of explicit metrics means that only qualitative aspects of its activities can be confirmed from the evidence.
TEMP.Zagros is distinguished by its specialization in cyber-espionage campaigns targeting airlines and travel booking platforms. Evidence from the 2019 leak shows the group maintained command-and-control server configurations and operational scripts used to exfiltrate passenger and payment data. The leak also linked TEMP.Zagros to the known MuddyWater group and revealed a previously unknown entity called the Rana Institute, indicating possible collaboration or shared infrastructure. Its notable competencies include the ability to sustain persistent access to victim networks and to disseminate compromised material via Telegram channels and dark web portals. These attributes position the group as a focused actor within Iran’s broader cyber-espionage ecosystem, emphasizing data collection from the travel sector.
The sources do not provide any explicit information about TEMP.Zagros’s ownership structure, parent company, or subsidiary relationships. There is no indication in the leak material or associated reporting that the group is a subunit of a larger corporate entity. Likewise, no details are given about state sponsorship, governmental oversight, or affiliations with specific Iranian agencies. Because ownership and structural ties are not disclosed, they cannot be confirmed from the available evidence. Therefore, the profile omits any conjectural statements regarding its organizational hierarchy or affiliations.
