Department 40 Exposed Inside the IRGC Unit Connecting Cyber Ops to Assassinations

A massive leak of internal documents has blown the cover off one of Iran’s most active hacking groups. For years, the cybersecurity community tracked them as APT35, Charming Kitten, Fresh Feline. Now we know exactly who they are, where they work, and who they’re targeting.

If you’ve followed my previous reporting on this group, you already know they’ve targeted journalists, activists, and researchers with sophisticated phishing campaigns. You’ve seen the fake interview requests, the compromised email accounts, the social engineering tactics. But until now, we only knew what they did. We didn’t know who they were.

The leaked files reveal everything: names, national ID numbers, photographs, facility addresses, organizational charts, attack reports, internal videos of their surveillance systems, and even drone test footage. The complete exposure of an IRGC cyber unit that has spent years attacking journalists, government agencies, and critical infrastructure across the Middle East, Europe, and North America.

The exposure also reveals the direct connection between cyber operations and terrorism. These hackers build the intelligence infrastructure that enables assassination operations.

To read the complete article see: Nariman Gharib’s Blog