AUDIO NOTE: There are some portions of audio with slight static. I’m blaming solar flares. On a serious note, I’m troubleshooting this, but the episode is still listenable.
Key Topics:
Lab Dookhtegan’s emergence as an Iranian hacktivist group targeting the regime through hack-and-leak operations, data leaks, and sabotage since 2019.
Key attacks, including the 2019 leak of APT34 tools, multiple doxings of IRGC officials from 2020 to 2024, and election interference exposures.
Destructive maritime cyber attacks in March and August of 2025 that disrupted 116 and 64 Iranian sanction-evading ships, respectively, via supply chain compromise.
Speculation about Lab Dookhtegan’s potential ties to nation-states like the US or Israel for plausible deniability in proxy operations.
Comparisons to other hacktivist groups like KillNet (Russian-backed) and Blackjack (Ukrainian-aligned), highlighting overlaps between hacktivism and state-sponsored cyber activities.
Call to Action:
Subscribe to the podcast for more episodes on high-profile cyber intrusions.
Visit our website at intrusionsindepth.com for additional stories and insights.
Share your thoughts on social media using #IntrusionsInDepth.
Books:
Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
Links and Resources:
https://cybershafarat.com/2023/10/09/lab-dookhtegan-supports-us-against-hamas-hezbollah/
https://www.rferl.org/a/farda-briefing-iran-water-crisis-israel-help/33503264.html
https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/
https://securityaffairs.com/117506/apt/iran-state-sponsored-ransomware.html
https://flashpoint.io/blog/second-iranian-ransomware-operation-project-signal-emerges/
https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf
https://blog.sekoia.io/iran-cyber-threat-overview/
https://x.com/LabDookhtegan2/status/1754860930599403851
https://x.com/LabDookhtegan2/status/1737531151424565421
https://x.com/LabDookhtegan2/status/1734144401687842971
https://x.com/LabDookhtegan2/status/1757333667242770769
https://home.treasury.gov/news/press-releases/jy2072
https://x.com/LabDookhtegan2/status/1767939764966047877
https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
https://x.com/LabDookhtegan2/status/1824131756884365386
https://cydome.io/lab-dookhtegan-cyberattack-second-wave-findings-aug-2025/
https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
https://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minions
https://en.wikipedia.org/wiki/Killnet
https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity
https://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/
https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=en
https://en.wikipedia.org/wiki/LulzSec
https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
https://go.recordedfuture.com/hubfs/reports/cta-2024-0125.pdf
https://en.wikipedia.org/wiki/March%E2%80%93May_2025_United_States_attacks_in_Yemen
https://cybershafarat.com/2024/11/01/the-attempt-of-shahid-shushtri-also-known-as-emennet-pasargad-a-cyber-group-affiliated-with-the-islamic-revolutionary-guard-corps-to-interfere-in-the-upcoming-american-elections-iran-internatio/
Host: Josh Stepp
Produced by: Josh Stepp
Thank you for tuning in to IntrusionsinDepth. Stay informed, stay safe, and see you in the next episode!










