In August 2020, Shahid Shushtari actors began a multi-faceted campaign targeting the US presidential election, combining computer intrusion activity with exaggerated claims of access to victim networks to enhance psychological effects. The US Treasury Department designated Shahid Shushtari and six employees on November 18, 2021, pursuant to Executive Order 13848 for attempting to influence the 2020 election.

Read: Six Iranian Hackers Identified in Cyberattacks on US Water Utilities, $10 Million Reward Announced

The Infrastructure and Olympic Targeting

Since 2023, Shahid Shushtari established fictitious hosting resellers named "Server-Speed" and "VPS-Agent" to provision operational server infrastructure while providing plausible deniability. These resellers procured server space from Europe-based providers including Lithuania's BAcloud and UK-based Stark Industries Solutions.

In July 2024, actors used VPS-Agent infrastructure to compromise a French commercial dynamic display provider, attempting to display photo montages denouncing Israeli athletes' participation in the 2024 Olympics. This cyberattack was coupled with disinformation including fake news articles and threat messages to Israeli athletes under the banner of a fake French far-right group.

Following the October 7, 2023, Hamas attack, Shahid Shushtari used cover personas including "Contact-HSTG" to contact family members of Israeli hostages, attempting to inflict psychological trauma. The group also undertook significant efforts to enumerate and obtain content from IP cameras in Israel, making images available via several servers.

AI Integration and Hack-and-Leak Operations

Shahid Shushtari incorporated artificial intelligence into operations, including AI-generated news anchors in the "For-Humanity" operation that impacted a US-based Internet Protocol Television streaming company in December 2023. The group leverages AI services including Remini AI Photo Enhancer, Voicemod, Murf AI for voice modulation, and Appy Pie for image generation, a joint October advisory from the U.S. and Israeli agencies stated.

Since April 2024, the group used the online persona "Cyber Court" to promote activities of cover-hacktivist groups including "Makhlab al-Nasr," "NET Hunter," "Emirate Students Movement," and "Zeus is Talking," conducting malicious activity protesting the Israel-Hamas conflict.

FBI assessments indicate these hack-and-leak operations are intended to undermine public confidence in victim network security, embarrass companies and targeted countries through financial losses and reputational damage.

Anyone with information on Mohammad Bagher Shirinkar, Fatemeh Sedighian Kashi, or Shahid Shushtari should contact Rewards for Justice through its secure Tor-based tips-reporting channel.