Exposing Iran's Most Wanted Cybercriminals - FBI Most Wanted Checklist - OSINT Analysis
January 16, 2019
Remember my most recently published "Assessing The Computer Network Operation (CNO) Capabilities of the Islamic Republic of Iran - Report"? The report details and discusses in depth the most prolific Iran-based government-sponsored and tolerated hacking groups, including the following groups:
- Ashiyane Digital Security Team
- Iranhack Security Team
- Iranian Datacoders Security Team
- Iran Security Team a.k.a SEPANTA Team/Iran Cyber Army 2012/2013
- IDH Security Team
- Bastan Security Team
- NOPO Digital Security Team
- Shekaf Security Team
- Mafia Hacking Team
- Iran Black Hats Team
- Delta Hacking Security Team
- Digital Boys Underground Team
- IrIst Security Team
I recently came across the FBI's Most Wanted Cybercriminals List and decided to elaborate more by providing actionable Threat Intelligence on some of the most wanted Iranian cybercriminals, with the idea to help law enforcement, to inform the security industry, and to ensure that the cybercriminals behind these campaigns can be properly tracked down and prosecuted.
I can be reached at dancho.danchev@hush.com
In this OSINT analysis I'll provide actionable intelligence, including personally identifiable information, on some of the FBI's Most Wanted Iranian cybercriminals, including Ahmad Fathi, Hamid Firoozi, Amin Shokohi, Mohammad Sadegh Ahmadzadegan, Omid Ghaffarinia, Sina Keissar and Nader Saedi, as well as the infamous ITSec Team and the Mersad Co. company.
Nitrojen26, Mehdy007, MagicCoder, tHe.Mo3tafA, Plus, BodyGuard
Sample Network Infrastructure Reconnaissance:
hxxp://sun-army.org - 185.53.179.10 - Email: Sun.Army@asia.com; Lord.private@ymail.com
Name: Omid Ghaffarinia
Handle: Plus
Email: omid.ghaffarinia@gmail.com; plus.ashiyane@gmail.com; omid.ghaffarinia@alum.sharif.edu
Phone: 091 2444 9002
Web Site: http://alum.sharif.ir/~omid.ghaffarinia/; http://omidplus.persiangig.com/
Social Media Accounts: https://plus.google.com/109226633947780718251
Sample Personal Photos from a Train Trip:
Email: MagicC0d3r@gmail.com
Web Site: http://magiccoder.ir
Handle: Mehdy007
Email: mehdy007@hotmail.fr
Web Site: http://mehdy007.persiangig.com
Sample Sun Army Cover Art Photos:
ITSec Team a.k.a Amn pardazesh kharazmi a.k.a Pooya Digital Security Group Members:
Pejvak, M3hr@n.S, Am!rkh@n, Doosib, H4mid@Tm3l, R3dm0ve, Provider, ahmadbady
Sample Team Member Personally Identifiable Information:
Name: Amin Shokohi
Handle: Pejvak
Email: pejv4k@yahoo.com
Web Site: http://pejv4k.persiangig.com; http://pejv4k.110mb.com
Handle: Mehr@n.S
Email: M3hran.S@gmail.com
Sample Network Infrastructure Reconnaissance:
http://itsecteam.com/
Name: Mohammad Sadegh Ahmadzadegan
Handle: Nitrojen26
Email: nitr0jen26@asia.com; Nitrojen26@yahoo.com; me@sadahm.net
Web Site: hxxp://sadahm.com
Social Media Accounts: https://twitter.com/nitrojen26
Sample Personal Photos of Mohammad Sadegh Ahmadzadegan a.k.a Nitrojen26:
Stay tuned!