Cyber security experts have identified eight different groups attributed to the Islamic Republic of Iran. These actors are identified forensically by common tactics, techniques, and procedures, as well as similarities in their code and the industries that they target; this attribution is not based on human intelligence inside the Iranian government. Chinese Advanced Persistent Threat (APT) actors are commonly known as “Pandas,” Russian APTs as “Bears,” and Iranian APTs as “Kittens” (yes, really).

This page is maintained by MEI's Strategic Technologies & Cyber Security Program.






“Due to the obfuscation techniques, and government control over the Iranian media and internet, we don’t have insight into which APT is Ministry of Intelligence vs. IRGC. What we can do is track their tools like malware, efforts like spear-phishing and brute-forcing, and maintain awareness to increase protection.”



Iranian APTs