IRGC intelligence dismantles hacking network tied to Mossad, foreign media

According to Iranian media reports, the group’s leader operated under the deceptive online persona of a Dutch girl defending the freedom of Iranian women and was reportedly supplying classified information on Iranian security forces to anti-Iran media networks, including Iran International, and networks linked to Israel's Mossad.

The case began in 2022 when the "Backdoor" Telegram channel and Twitter account gained notoriety by publishing personal information concerning morality police officers and other military personnel.

Initially, "Backdoor" presented itself as a young European woman exposing secrets in support of Iranian women.

This narrative was heavily amplified by foreign media, notably Iran International, which broadcast reports based on the leaked data.

However, a multi-layered intelligence operation by IRGC cyber specialists showed the person behind the persona was neither a "girl" nor "Dutch," but a young Iranian man who led a domestic hacking group.

According to his confessions, his primary motive was to generate income through cryptocurrency.

The captured leader confessed to receiving payments for specific targets and high-value information.

The investigation uncovered that the hacking group was part of a broader, more dangerous network involving Iran International journalists, a rival hacking group "Lab Dookhtegan", and ultimately, Mossad.

The "Lab Dookhtegan" group is known for its open pro-Zionist leanings and boasted on its Telegram channel about its role in collecting intelligence targets inside Iran during recent conflicts.

Iran’s security apparatus places a high priority on identifying and dismantling foreign espionage operations.

Operations frequently target networks run by the CIA and Mossad, often culminating in the arrest of dual nationals or individuals leaking sensitive military, nuclear, or economic information.