Threats Feed | Emennet Pasargad | Last Updated: 24/01/2025 | Author: Certfa Radar | Publish Date: 30/10/2024

Emennet Pasargad Expands Tactics in Targeting Israel and Allied Nations

  • Actor Motivations: Espionage, Financial Gain, Sabotage
  • Attack Vectors: Vulnerability Exploitation, Malware, Trojan
  • Attack Complexity: Medium
  • Threat Risk: High Impact / Low Probability

Threat Overview

The Iranian cyber group Emennet Pasargad, also known as Aria Sepehr Ayandehsazan, targeted sectors in Israel and the United States, employing new tactics such as cover personas and fictitious hosting providers. Its operations included cyber-enabled influence campaigns during the 2024 Olympics and the collection of IP camera data to amplify psychological impact. Emennet Pasargad created custom personas, such as "Cyber Court," to support hacktivist activities and targeted U.S.-based streaming services for influence operations. It also leveraged open-source information on Israeli personnel to increase targeting precision, demonstrating an advanced combination of infrastructure obfuscation, influence tactics, and direct compromise efforts.

Detected Targets

Type      Description               Confidence
Sector    High-Tech                 Verified
Sector    Information Technology    Verified
Region    France                    Verified
Region    Israel                    Verified
Region    Sweden                    Verified
Region    United States             Verified

Exploited Vulnerabilities

Extracted IOCs

  • cybercourt[.]io
  • cyberflood[.]io
  • il-cert[.]net
  • onlinelive[.]info
  • pro-today[.]org
  • rgud-group[.]com
  • rgud-group[.]net
  • zeusistalking[.]com
  • zeusistalking[.]io
  • zeusistalking[.]net
  • 4431b2a4d7758907f81fb1a0c1e36b2ce03e08d43123b1c398487770afd20727
  • 6f765dda126e830c6cd2c7938dbb970d03be728e82c00388903a4ef3f9ecc853
  • 146[.]19.254.61
  • 213[.]109.147.63
  • 31[.]42.177.114
  • 45[.]140.146.108
  • 45[.]140.146.137
  • 45[.]140.146.139
  • 45[.]140.146.197
  • 45[.]140.146.208
  • 45[.]142.212.21
  • 45[.]143.166.233
  • 45[.]143.167.87
  • 45[.]84.0.237
  • 45[.]84.0.254
  • 85[.]206.167.224
  • 85[.]206.169.64
  • 85[.]206.169.80
  • 85[.]206.170.160
  • hxxp://onlinelive[.]info/wez/api.php
  • hxxp://onlinelive[.]info/wez/insert.php

Tip: 31 IOCs related to this threat have been found (17 IP addresses, 10 domains, 2 URLs, 0 email addresses, 2 file hashes).

Overlaps

Emennet Pasargad | Fake Chrome Updates and Modular Malware: The WezRat Threat

Source: Check Point - November 2024

Detection (4 matching IOCs): 45[.]143.167.87, 4431b2a4d7758907f81fb1a0c1e36b2ce03e08d43123b1c398487770afd20727, il-cert[.]net, onlinelive[.]info

Hint: Overlaps are extracted automatically by examining the IOCs associated with all indexed threats and actors.