From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

In June 2025, during the 12-day conflict between Israel and Iran, a network of Iran-linked hackers launched a flurry of cyber-operations aligned with the war. As air strikes crossed borders, a vast array of hacking groups began working to sway public opinion, disrupt businesses, and intimidate and undermine adversaries. These threat actors worked in a coordinated web across borders to steal data, deface websites, spread propaganda, and launch malware attacks.

Some of the digital onslaught came from groups with known ties to Iran’s Islamic Revolutionary Guard Corps (IRGC). Other hacking groups supported Iranian state-backed priorities with their campaigns. Still others were ideologically aligned with Iran’s goals but operated without clear oversight.

SecurityScorecard’s STRIKE threat intelligence team conducted a comprehensive analysis of 250,000 messages from Iranian proxies and hacktivists, spanning over 178 active groups, during the 12-day war. The resulting research reveals exactly how Iranian hackers, proxies, and allies supported Iran’s war goals in a disruptive digital offensive. STRIKE also uncovered an IRGC-linked, malware-laden phishing operation launched at the outset of the conflict, suggesting the threat actor orchestrated and planned the campaign in step with the war.

The report presents a detailed account of the wide variety of groups that make up Iran’s digital foot soldiers and probes how ideology, opportunism, and tasking intersect with broader warfare.

To read the complete article, see: From the Depths of the Shadows: IRGC and Hacker Collectives Of The 12-Day War

This post is licensed under CC BY 4.0 by the author.