Iranian Regime Cyber Troll Army Revealed

Over the past few months, we have been running into a growing number of Iranian regime trolls, possibly linked to MOIS APT34. APT34 has an internal group known as the “Oil Rig Hackers”. The Oil Rig group is not particularly sophisticated but is extremely persistent in the pursuit of its mission objective and, unlike some other espionage-motivated adversaries, is much more willing to deviate from its existing attack methodologies and use novel techniques to accomplish its objectives. In this instance, it looks like they may be the ones linked to this new group of Iranian trolls and the sites they are promoting on social media. After scraping the affiliated Twitter account’s follows/followers, we discovered 3 accounts we believe to be directly linked to the Oil Rig group.

On March 25th 2019, a Telegram account was made, “Lab Dookhtegan | Read My Lips”, and began disclosing information, methods and members of the Oil Rig hacking group. That was less than 30 after the Twitter account was created for the  Although the two don’t seem to be related, the timing of these two accounts being created raises a lot of questions. The Mozahemin site appears to mainly target the NCRI/PMOI/MEK, while the Lab Dookhtegan Telegram account appears to have no political affiliation.

Dookhtegan لب دوخته گان “sealed lips” as an image and a maxim was the creation of Mehdy Kavousi, an Iranian immigrant in the Netherlands who is protesting immigrant deportations. The image is famous and literally shows Mehdy with lips sewn together in protest. Since March, the actors involved in dropping the dime have gone on to create two darknet sites as well as three accounts on Telegram where they dropped much of the same data. The Telegram and the successive Dookhtegan1 account(s) on Twitter also put out a video with their announcement. The video consists of clips of President Obama making a speech, much like the kind of thing you see in movies where someone is threatened using sound bites.

From the Lab Dookhtegan Telegram account, “We are exposing here the cyber tools (APT34 / OILRIG) that the ruthless Iranian Ministry of Intelligence has been using against Iran’s neighboring countries, including names of the cruel managers, and information about the activities and the goals of these cyber-attacks.  We hope that other Iranian citizens will act for exposing this regime’s real ugly face!”.

So the question arises: will Lab Dookhtegan start targeting this Iranian Troll Army behind the website? Highly doubtful. Since the site is being hosted by GreenWeb within Iran, it’s also doubtful their abuse department would remove the site due to TOS violations. [email protected] seems to be the only hope of removing it.

