
Iran International, a London-based media platform for the Iranian opposition, obtained information that exposes the identities of those behind MuddyWater and Darkbit hacker groups, affiliated with Iran's Intelligence Ministry, and their cyberattacks against targets in Israel, Turkey, Egypt, Azerbaijan, the UAE, Iraq, Italy, Russia, Algeria and Saudi Arabia, among others.
According to the news website, the Darkbit hacker group operates under the command of Amir-Hossein Fard Siahpoush, also known as Parsa Sarrafian, who runs the Ravin Academy, a US-sanctioned school that trains individuals in cyber security and hacking, and recruits from among these trainees for Iran's Intelligence Ministry.
Seyyed Ali Emami, Pouria Kazemabadi Farahani, Ahmadreza Irani, Amin Dadashi and Seyyed Hossein Siadat are among members of the Darkbit group, revealed Iran International.
Three members of the MuddyWater hacker group including Mohammad Khoshlahn, Younes Valiaei and Mohammad-Reza Khoroush, serve as liaisons between the group and the Intelligence Ministry, according to the information obtained by Iran International.
Among other things, MuddyWater hackers carried out cyber attacks against government organizations, military bodies, educational institutions and communication networks in Jordan, Turkey, Azerbaijan and Pakistan. They also targeted sensitive databases in Mali, Austria, Russia and Bahrain, and carried out repeated attacks on state institutions in Iraq and Saudi Arabia.
The Darkbit group, according to the report, works under MuddyWater, and operates from the same office building in Tehran. According to Iran International, Darkbit is the team in the MuddyWater array that operates against Israeli targets.
At the start of 2023, the hackers from this group carried out a cyber attack against the Technion in Haifa. At the beginning of 2024, they claimed to have attacked the systems of the Tel Aviv Municipality, the National Cyber System and the Department of Mental Health at the Ministry of Health. They never presented evidence of these attacks.