Full Report
Ionut Arghire reports: The US government has announced rewards of up to $10 million for information on members of the Iranian hacking group known as Emennet Pasargad. The reward offers come roughly a year after a US-Israel joint advisory described the activities of the group, which was then identified by the name of its front company, Aria...
Analysis Summary
# Threat Actor: Emennet Pasargad / Shahid Shushtari
## Attribution & Identity
**Attribution:** Iranian hacking group operating under Iran’s [Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC)](https://databreaches.net/2025/12/09/us-posts-10-million-bounty-for-iranian-hackers/). The group has been tracked by the US since 2020.
**Aliases/Known Names:**
* **Official/Reported:** Emennet Pasargad (the original name, and the one associated with the bounty)
* **Current Name (US identification):** Shahid Shushtari
* **Previous Known Names:** Ayandeh Sazan Sepehr Arya (ASSA), Eeleyanet Gostar, Net Peygard Samavat Company
* **Front Company:** Aria Sepehr Ayandehsazan (ASA)
* **Private Sector Names:** Cotton Sandstorm, Marnanbridge, Haywire Kitten
## Activity Summary
The US government announced rewards of up to $10 million for information on members of this group. The announcement follows a joint US-Israel advisory, issued approximately one year earlier, that detailed the group's past activities and identified it primarily by the name of its front company, Aria Sepehr Ayandehsazan (ASA). The US has been monitoring the group since 2020.
## Tactics, Techniques & Procedures
*Specific TTPs are not detailed in this source material, only the existence of past activities.*
- [No specific TTPs mentioned in the provided text.]
- [No MITRE ATT&CK IDs mentioned in the provided text.]
## Targeting
- **Sectors:** Not explicitly listed in this summary, but the precursor US-Israel advisory mentioned targeting of **surveillance cameras**.
- **Geography:** Not explicitly listed in this summary.
- **Victims:** Not explicitly listed in this summary; the only link given is to the activities that prompted the US-Israel advisory.
## Tools & Infrastructure
- [No specific malware families mentioned in the provided text.]
- [No specific infrastructure (C2, domains, IPs) mentioned in the provided text.]
## Implications
The issuance of a high-value bounty ($10 million) by the US government signals a significant level of concern regarding the threat posed by this IRGC-affiliated entity. Attribution to the IRGC-CEC indicates state-sponsored espionage or disruptive cyber operations supporting Iranian government interests.
## Mitigations
- [Defense recommendations specific to this actor cannot be formulated based only on this summary.]