Iran's Digital War Machine Targeting U.S. Infrastructure
Briefly

A major military hub in southeastern Tehran was destroyed, including facilities tied to the IRGC, Quds Force, and Basij, described as a nerve center for global hacking and internal security. The compound coordinated intrusion campaigns across multiple continents, yet reconnaissance activity increased from Iranian-linked networks even after satellite confirmation of destruction. Iranian cyber capabilities are portrayed as resilient, with the Handala persona operating as a hack-and-leak engine that breaks into accessible systems, wipes data, and times releases to maximize psychological disruption. The earlier assassination of Deputy Intelligence Minister Seyed Yahya Hosseini Panjaki did not end the operation, which instead adapted. State-aligned actors used out-of-band communication methods and alternative infrastructure such as Starlink IP ranges to bypass a degraded domestic grid. Iranian-linked hackers then moved beyond probing and disrupted U.S. oil, gas, and water sites.
"Israel wiped out a major military hub in southeastern Tehran, a site that Western intel says was the nerve center for the IRGC. The facility didn't just house the Quds Force and Basij; it served as the literal "brain" for Iran's global hacking campaigns and internal security operations."
"The facility coordinated intrusion campaigns against adversaries across multiple continents. Yet even as satellite imagery confirmed the compound's destruction, cybersecurity analysts were documenting a spike in reconnaissance activity emanating from Iranian-linked networks. Tehran's digital arsenal has proven more resilient than the bombing runs suggest."
"Handala - the persona behind the Stryker attack and now assessed as a front for Void Manticore, an MOIS-affiliated state actor - exemplifies exactly this. It operates as a hack-and-leak engine optimized for psychological disruption: breaking into accessible systems, wiping data, and timing the release of stolen material to maximize pressure on targets."
""State-aligned threat actors began utilizing out-of-band communication methods and alternative infrastructure, such as Starlink IP ranges, to bypass the degraded domestic grid," JP Castellanos, Director of Threat Intelligence at Binary Defense, tells The Cipher Brief. In simpler terms, Iranian hackers quickly shifted to alternative internet connections and encrypted communication channels that operate outside Iran's damaged infrastructure, allowing cyber operations to continue even as domestic networks faltered."
Read at The Cipher Brief