Six US government agencies issued a critical advisory warning of Iranian-affiliated APT cyberattacks on domestic infrastructure. Groups like Handala Hack Team and CyberAv3ngers present themselves as pro-Palestinian hacktivist collectives but are believed to be directly tied to Iran's Ministry of Intelligence (MOIS). This analysis explores how Iran uses these proxy 'ghost groups' as plausible deniability cover for state-level attacks — a 'gray warfare' doctrine of slow, covert erosion of adversaries. The piece traces Iran's intelligence history from SAVAK through MOIS and the IRGC, explaining how decades of political upheaval shaped this ecosystem. It also examines Handala's theatrical social media posturing as a strategic tool to highlight power asymmetry and erode public trust in Western governments, noting that Iran's cyber capabilities remain constrained by sanctions and repeated attacks on its own infrastructure.