Rana Institute

The Rana Institute operates as a cyber-espionage contractor for the Iranian Ministry of Intelligence, conducting surveillance operations targeting Iranian citizens both domestically and internationally. Its activities involve infiltrating airlines, travel booking platforms, and related sectors to systematically harvest sensitive passenger data, including manifests, reservation details, and payment card information. The group's operations support intelligence-gathering objectives focused on monitoring perceived threats to Iranian state interests, with documented campaigns dating back to at least 2015.

A significant 2019 data breach exposed the organization’s internal methodologies, revealing operational blueprints, employee records, and comprehensive victim lists. Leaked materials disseminated through Telegram channels and Dark Web portals demonstrated the institute’s specialized focus on aviation sector targeting and its development of tailored tools for data exfiltration. Security analysts confirmed the authenticity of these documents, noting their alignment with broader patterns of Iranian state-sponsored cyber activity. The exposure provided rare technical and strategic insights into the group’s tradecraft, including operational security protocols and target selection criteria.

This incident formed part of a series of leaks involving Iranian cyber units, underscoring the Rana Institute’s role within Iran’s layered ecosystem of government-aligned hacking collectives. While its exact corporate structure remains undisclosed, its contractual relationship with the Ministry of Intelligence positions it as an extension of state surveillance capabilities rather than an independent entity. The compromised records highlighted the institute’s persistent efforts to track dissidents, dual nationals, and other persons of interest through compromised travel industry networks.