Iranian Cyber Unit “Department 40” Targets Israelis with Cyber Warfare
Key Findings of the Investigation
An alarming investigation conducted by the Iranian opposition channel Iran International has revealed the existence of a covert Iranian cyber unit known as “Department 40.” This group has been actively promoting cyber warfare on behalf of the Islamic Revolutionary Guards Corps (IRGC) and its intelligence division, known as Unit 1500.
The investigation outlines the activities of approximately 60 men and women who have spent years surveilling Israeli social media, specifically Facebook pages, and infiltrating medical clinic websites in Istanbul to track individuals seeking plastic surgeries.
Cyber Operations Against Israelis
Recently, “Department 40” was implicated in a series of espionage operations designed to facilitate terrorist attacks against Israelis and Jews both in Israel and globally. The group has operated under various aliases, including Charming Kitten, Moses Staff, and Abraham’s Axe. The report highlights that under the direction of Abbas Rahroy, the personnel involved executed sophisticated cyber activities that ultimately served the IRGC’s terrorist agenda.
Since 2022, the group has specifically targeted Israelis and Jews visiting Turkey, gathering real-time information about their whereabouts in order to coordinate potential attacks. Department 40 reportedly gained access to websites of medical clinics frequented by Israelis and hacked into their mobile phones while they were present.
Life-Saving Interventions by Israeli Intelligence
During these years, Israeli intelligence (Mossad) successfully intervened on several occasions, providing last-minute instructions to Israelis to take refuge in hotel rooms and avoid assassination attempts by Iranian agents. These intelligence efforts were often based on information collected by Department 40, which monitored social media activities of Israeli groups in Turkey.
Connection to Terrorist Attacks
The report indicates that “Department 40” had advanced knowledge of a devastating attack in Istanbul in 2022 that resulted in the deaths of eight individuals. The cyber unit acted as vital intelligence support for operatives on the ground seeking to locate and target Israelis. It appears that without the insights provided by “Department 40,” the execution of this attack would have been considerably more challenging for Iranian operatives.
Infiltration of Foreign Systems
Further exposing its capabilities, “Department 40” breached information systems of various foreign government and non-governmental entities. This includes infiltration of databases belonging to the police departments of Abu Dhabi, FlyDubai, EgyptAir, and local municipalities in Jordan, Turkey, and Saudi Arabia.
Insights into Department Structure
This investigation marks the first time the identity and structure of “Department 40” have been unveiled. It operates as an extension of Unit 1500 of the IRGC, with a sophisticated database system known as “Kashaf” that allows agents to input and track personal information of individuals. Kashaf enables the team to identify and analyze extensive relationships and connections.
Moreover, many operatives within “Department 40” employed family members within their ranks to further obscure their operations through a network of shell companies. This organized structure facilitated Iranian intelligence efforts against both critics of the Islamic Republic and Israeli targets.
Recent Developments and Exposures
Recent digital breaches have exposed a cache of documents taken from “Department 40”. A group dubbed “Kitten Busters” launched a GitHub account, revealing operational reports, cyber tools, and official directives written in Persian. The disclosed intentions include recruitment efforts targeting Israelis for potential internal destabilization campaigns and manipulation through social influence.
Notably, it has also come to light that “Department 40” has been developing suicide-drones as part of their ongoing cyber warfare strategies, underscoring the significant threat they pose. An intelligence community report stated, “This cyber apparatus has conducted extensive damaging activities against Israel, and now they are paying the price for being identified.”
This investigation sheds light on the intricate and far-reaching cyber operations undertaken by Iranian entities targeting Israel and its citizens, indicating an advanced level of cyber warfare being utilized as a tactic of terrorism.