Threat analysis by The RabitaNoor (RBTN) Cyber Research Center

US Offers $10 Million for Information on Iranian Hackers Behind IOControl Malware

The goal of this document is to provide technical and strategic analysis of a larger source (a document, audio recording, etc.).

The document is a product of the RBTN - CYOI Pulpit


Main image: Photo by Yeshi Kangrang


Document Summary

The U.S. State Department is offering a $10 million reward for information on Iranian hackers associated with the CyberAv3ngers group, known for deploying IOControl malware against critical infrastructure. CyberAv3ngers, linked to Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command, has targeted U.S. and Israeli water utilities. The malware, analyzed by Claroty, affects industrial technology from vendors like Unitronics and D-Link. Amid military conflict between Israel and Iran, experts warn of increased Iranian cyber activity. John Hultquist of Google Threat Intelligence Group highlights potential threats to U.S. infrastructure.

Analysis

Overview

Timestamp: 2025-06-16

Title: US Offers $10 Million for Information on Iranian Hackers Behind IOControl Malware

Severity: High

The CyberAv3ngers group, linked to Iran's IRGC-CEC, has targeted U.S. and Israeli critical infrastructure using IOControl malware. Their capabilities include exploiting ICS/SCADA vulnerabilities, with a focus on disrupting operations and gathering intelligence. The infrastructure involves compromised industrial technology, and victims include water utilities in the U.S. and Israel.

Adversary

Adversary: CyberAv3ngers is an Iranian hacker group linked to Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command.

Motivation: Nation-state objectives, targeting critical infrastructure.

Sophistication: High, with capabilities to target ICS/SCADA systems.

TTPs:

Capability

Capability: CyberAv3ngers employs IOControl malware to target industrial control systems.

Tools: IOControl malware

Evasion: Use of Telegram for communication

Infrastructure

Description: CyberAv3ngers uses compromised industrial technology and communication platforms.

Communication Protocols: Telegram

Victim Profile

Targets: Targets include U.S. and Israeli critical infrastructure, specifically water utilities.

Industry: Critical Infrastructure

Assets: ICS/SCADA devices

Data at Risk: Operational data

Impact: High

References