Iranian hackers have congregated since at least 2002 in online forums to share tips on the best ways to create successful cyberattacks.
Those conversations have given birth to some of the most significant global cybersecurity incidents, including devastating attacks on Saudi Aramco, attacks against the public-facing websites of large banks and espionage campaigns on a wide range of Western targets, according to new research by cybersecurity intelligence firm Recorded Future.
Among the findings in the report:
- A forum called "Ashiyane," created by a cybersecurity company called the Ashiyane Digital Security Team, served as a medium for Iranian contractors to show off their talents for executing successful online offensive campaigns.
- The forum was one of Iran's most popular with around 20,000 users and had direct ties to Iran's Islamic Revolutionary Guard Corps.
- Many of the hackers on the forum considered themselves "gray hats," a term for hackers that participate in both legitimate and criminal cyber actions. It's a mixture of the term "white hat," which refers to ethical hackers, and "black hats," which refers to hackers who take part in malicious or illegal activities.
- During the Iranian green movement of 2009, the forum was one of only a few that remained in use as Iran's government cracked down on hacking websites.
- The forum's archives feature details of how participants shared information on how to execute distributed denial of service attacks, or DDOS attacks, which are meant to push websites out of service by flooding them with information, as well as Android exploits and commonly used cyberattack techniques.
- The forum was shutdown in 2018. Though the reason for the shutdown is not clearly known, Recorded Future cites sources as saying the forums became involved in online gambling, an endeavor explicitly prohibited in the Islamic state.