Inside Iran’s Cyber War Machine

Exclusive: Iran’s IRGC taps Russian and Chinese experts for global cyberattacks and dissident tracking.

Information obtained by Alhurra from four Iranian opposition figures points to an extensive cyber warfare network operated by Iran’s Islamic Revolutionary Guard Corps (IRGC), with units deployed both inside and outside Iran and receiving advanced training under the supervision of foreign experts.

According to the sources, the IRGC’s Cyber Command oversees roughly 3,000 cyber battalions engaged in electronic warfare operations across Iran and abroad. The most sensitive and sophisticated missions, however, are reportedly carried out by Iranian cyber units based in Europe.

These battalions are composed of multinational mercenaries recruited by the Quds Force — the IRGC’s external operations arm — to carry out intelligence missions on behalf of Tehran, the sources said.

Each battalion is led by an IRGC officer, while both commanders and operatives receive ongoing training from Russian and Chinese specialists in cyber operations. Most of the training programs are conducted in Iran, with others taking place in Russia and China.

The sources also said that a number of Russian and Chinese officers serve as permanent advisers within Iran’s cyber units. The IRGC, they said, relies heavily on Moscow and Beijing in building its cyber capabilities and draws on their experience in cyber defense, offensive operations and surveillance of political opponents.

According to Iran’s state news agency IRNA, Tehran signed 20 agreements with Russian companies in the telecommunications and information technology sectors last December.

“Since June 2025, I have been under constant cyberattack by groups affiliated with the Revolutionary Guards. My social media pages and electronic devices are repeatedly targeted,” said Arif Bawjani, head of the opposition Iranian Kurdistan Freedom Party.

“So far, I have managed to withstand some of these attacks with the help of a specialized cybercrime unit in a European country,” he told Alhurra.

The term “Iranian Cyber Army” generally refers to a network of hacking groups, cyber operations units and digital warfare organizations linked to Iran’s security and military institutions.

Over the years, these entities have reportedly been involved in cyber espionage, computer network intrusions, intelligence gathering, cyberattacks and psychological operations targeting both domestic and foreign adversaries.

In 2022, the late Major General Hussein Salami, then commander of the IRGC, who was killed during Israel’s 12-day war with Iran last month, said Iran had “2,000 organized and active cyber battalions” and had significantly improved its cyber capabilities in terms of content, operations and infrastructure, according to the Iranian outlet Tabnak, which is close to the Assembly of Experts.

In 2024, the U.S. State Department’s Rewards for Justice program offered up to $10 million for information on six Iranian officials linked to malicious cyber activities conducted by IRGC-affiliated hacking groups. The officials named were Hamed Homayounfal, Hamid Reza Lashgarian, Mehdi Lashgarian, Milad Mansouri, Mohammad Bagher Shirinkar and Mohammad Amin Saberian.

The State Department said Hamid Reza Lashgarian, who heads the IRGC’s cyber and electronic operations command and serves as a Quds Force commander, had participated in numerous cyber and intelligence operations.

It also said Mehdi Lashgarian and the other officials oversaw the “Cyber Av3ngers” group, which deployed malicious software targeting industrial control systems and data collection infrastructure worldwide.

The U.S. Treasury Department imposed sanctions on the six officials in February 2024.

According to the sources, the network’s mission extends beyond technical intrusions and hacking operations to include information warfare and psychological operations.

“One of its objectives is to sow division and distrust among opponents of Iran’s ruling system, spread disinformation, shape public opinion on social media and influence the media environment,” said Aso Qadri, a Europe-based Kurdish analyst specializing in national security.

Qadri told Alhurra that IRGC cyber units often infiltrate sensitive networks months or even years before a crisis or conflict erupts, gathering intelligence, identifying vulnerabilities and creating opportunities for future sabotage before launching attacks.

Among the primary targets, he said, are banks, energy infrastructure, transportation systems, telecommunications networks, government institutions, defense contractors, air defense systems and military communications.

“Cyber warfare provides Iran with advantages that many conventional military tools cannot offer,” Qadri said. “It is cheaper, more covert and less risky, allowing the regime to pressure its adversaries without engaging in direct military confrontation.”

According to Cyber Magazine, a publication specializing in cybersecurity research, groups such as the “Islamic Cyber Resistance,” the “Dark Storm Team” and the “Fatemiyoun Cyber Team” have coordinated data-wiping campaigns and website defacements targeting government agencies, financial institutions and critical infrastructure across the Middle East.

The report said Iranian cyber operations typically combine espionage with disruptive tactics designed to pressure adversaries.

Mohammad Hanif, an Iranian opposition political analyst, said Tehran’s reliance on cyber warfare is part of a broader doctrine that favors low-cost, deniable tools to exert pressure on opponents with greater military and economic capabilities.

Hanif said Iranian cyber operators frequently rely on social engineering rather than sophisticated technical exploits. Attackers often impersonate journalists, academics, conference organizers, politicians or other trusted individuals to establish contact with targets.

“The objective is to steal login credentials, gain access to private accounts and target individuals involved in Iranian and Middle Eastern affairs,” Hanif said.

A report released in March by Singapore-based cybersecurity firm CloudSEK said groups backed by the IRGC had launched cyberattacks targeting critical infrastructure in the United States.

The company said that within hours of the start of U.S.-Israeli strikes on Iran on Feb. 28, Tehran mobilized more than 60 affiliated cyber groups to begin offensive operations. Artificial intelligence tools, the report said, significantly enhanced efforts to target internet-connected U.S. critical infrastructure.

Cyber warfare has become one of Iran’s most important tools for confronting opponents both at home and abroad. As artificial intelligence technologies advance and dependence on digital systems deepens, concerns are growing over Tehran’s ability to target individuals, institutions and critical infrastructure around the world.

Adapted and translated from the original Arabic.
