US offering $10 million for info on Iranian hackers behind IOControl malware | The Record from Recorded Future News

The US State Department said they were seeking information on Iranian hackers who they accused of targeting critical infrastructure using a strain of malware deployed against industrial control systems.

US officials are offering up to $10 million for details on a hacker affiliated with the group called CyberAv3ngers, that gained prominence in 2023 and 2024 for a string of cyberattacks on US and Israeli water utilities.

Law enforcement agencies eventually tied CyberAv3ngers to Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command and in August offered a reward for information on at least six Iranian government hackers allegedly behind the effort and placed sanctions on the men.

On Thursday, the State Department issued a new reward centered around an online persona known as "Mr. Soul" or "Mr. Soll." The notice said CyberAv3ngers is associated with the persona and has launched a series of malicious cyber activities against US critical infrastructure on behalf of Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

"CyberAv3ngers actors have utilized malware known as IOCONTROL to target Industrial Control Systems/Supervisory Control and Data Acquisition (ICS/SCADA) devices used by critical infrastructure sectors in the United States and worldwide," the State Department said.

The State Department and Cybersecurity and Infrastructure Security Agency did not respond to requests for information about the most recent CyberAv3ngers attacks.

Members of CyberAv3ngers have boasted on Telegram of their attacks and compromises using IOControl.

IOControl is a strain of malware spotlighted by government officials in December 2024 that multiple cybersecurity firms said was being used by Iranian actors to attack Israel- and US-based devices. Experts at Claroty said the malware was used to attack cameras, routers, firewalls and other industrial technology created by popular vendors like Unitronics, D-Link, Hikvision, Baicells and more.

Claroty incident responders analyzed a sample of the malware taken from a popular gas station management system that was allegedly compromised by CyberAv3ngers.

The malware allows hackers to remotely control infected devices, move laterally within a victim's system and more. Cybersecurity firm Armis said the malware was first seen using other names over a year ago.

The State Department reward was posted amid a widening military conflict between Israel and Iran. On Friday, Israeli missile strikes killed hundreds of Iranian citizens, including several military leaders and nuclear scientists. Iran has responded by firing hundreds of rockets at Israel, killing dozens in Tel Aviv and other cities.

John Hultquist, chief analyst at Google Threat Intelligence Group, warned that Iranian cyber threat actors would likely rededicate themselves to attacks on Israel in light of the recent conflict.

"Iranian cyber activity in Israel is already persistent and aggressive, and has been for several years. Iranian cyber activity has not been as extensive outside of the Middle East but could shift in light of the military actions," he said.

"Targets in the United States could be reprioritized for action by Iran's cyber threat capability. Iranian cyber espionage activity already targets the US government, military, and political set, but new activity may threaten privately owned critical infrastructure, or even private individuals."

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

Copyright 2025 The Record from Recorded Future News