Iran's school for cyberspies could've used a few more lessons in preventing breaches
UK-based Iranian activist Nariman Gharib claimed to have been sent a copy of the data that was stolen from Ravin Academy and has made it publicly available via a dedicated website. The stolen data includes names, phone numbers, and Telegram usernames, as acknowledged by the academy. In some cases, it also includes national ID numbers. Gharib received the data in the form of a spreadsheet, which contained details of the classes each individual attended, although he did not make this data publicly accessible.
Founders Farzin Karimi Mazlganchai and Seyed Mojtaba Mostafavi are sanctioned by the UK, US, and EU for their role in establishing Ravin Academy. A PwC report on the school credibly ties both founders to attacks carried out by the MOIS-linked attack group Yellow Nix/MuddyWater/APT34.