From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

SecurityScorecard STRIKE analyzed 250,000 messages from over 178 active groups during a 12-day Israel–Iran conflict and documents a coordinated digital offensive by Iran-linked actors and aligned hacktivists that included IRGC-linked phishing and malware operations (notably Imperial Kitten), website defacements, DDoS, data theft and coordinated propaganda; actors used Telegram for recruitment and coordination, timed phishing domains and lures to kinetic events, and exhibited persistent, tasking-aligned behavior that increases risk to regional and global targets.