The ransomware group Arvin Club has claimed to have released the database of the Information Technology Organization of Iran.
The hackers have posted the data, allegedly exfiltrated after the ITO cyber attack, on their dark web portal. The Iran ITO cyber attack remains unconfirmed by the organization.
Details about the alleged Iran ITO cyber attack
Threat intelligence service Falcon Feeds tweeted the above screenshot from the dark web portal of the Arvin Club. Arvin Club members named the official website of the targeted organization – https://ito.gov.ir.
They posted a link, allegedly to the data exfiltrated in the Iran ITO cyber attack. They also posted links for contacting the hackers in case users have any concerns or questions about the leaked data. The post by Arvin Club was made on 18 July 2023.
Iran ITO cyber attack and Arvin Club ransomware group
The Arvin Club ransomware group announces its cyber attacks on its Onion site and other social media handles including Telegram.
They first posted on their TOR website in May 2021. The hackers from the Arvin Club were also in the cybersecurity news for breaching the school systems of Kendriya Vidyalaya based in India. This breach led to the compromise of student data, according to reports.
Some other named targets of the Arvin Club ransomware group were Bureau van Dijk and the Cybercrime forum Maza. They usually post in the Persian language.
They have shown allegiance with the REvil hacker group. According to reports, the Arvin Club never claims to attack systems. Instead, they only claim to release data from cyber attacks that may not have been launched by them.
The hacker group has been known to target government websites including the Ministry of Culture and Islamic Guidance and Khomeini’s state-owned bank.
However, the group shut down its blog because they lost the motivation to work, as stated in a SuspectFile report.
The group claimed not to have any connections with the terrorist regime of the Islamic Republic of Iran and clarified that the accusations were false.
They have also been known to mostly work as sellers of data from cyber-attacks made by other hackers.
They consider themselves a Farsi-speaking hacktivist group fighting against groups/terrorists that are killing their countrymen. The hackers from Arvin Club also launched a cyber attack against another group in March 2022.
Cybersecurity firms have posted how victims of the Arvin Club ransomware attacks can recover their files.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.