US Offers $10 Million Reward for Information on Iranian Hackers Linked to Cyberattacks

The United States government has announced a reward of up to $10 million for information leading to the identification or location of two key members of an Iranian state-sponsored hacking group. The group, currently referred to as Shahid Shushtari, is believed to be operating under Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

Key Individuals Wanted by the US

The reward specifically targets:

• Mohammad Bagher Shirinkar – identified as the leader of the cyber unit
• Fatemeh Sedighian Kashi – a long-term associate and operational collaborator

According to US officials, both individuals work closely together to plan and execute cyber operations from Tehran.

Group’s History and Previous Names

The hacker group has been known by multiple aliases in the past, including:

• Emennet Pasargad
• Ayandeh Sazan Sepehr Arya (ASSA)
• Aria Sepehr Ayandehsazan (ASA)
• Eeleyanet Gostar
• Net Peygard

In the cybersecurity industry, the same group has been tracked under labels such as Cotton Sandstorm, Marnanbridge, and Haywire Kitten.

Alleged Cyber Activities

The US government has monitored the group since 2020 and attributes several major cyber incidents to its members, including:

• Cyberattacks against the 2024 Summer Olympics
• An attack on a US-based IPTV streaming service
• Influence and misinformation campaigns during the 2020 US presidential election

Officials say the group targets critical infrastructure sectors across the US, Europe, and the Middle East. These include:

• Media and news outlets
• Travel and shipping companies
• Energy networks
• Financial institutions
• Telecommunications providers

Reward Information

The US State Department encourages anyone with credible information about Shirinkar, Kashi, or their associates to submit tips via the Rewards for Justice platform, including its secure Tor-based reporting channel.

Authorities hope the reward will support ongoing efforts to disrupt state-backed cyber threats targeting US and allied infrastructure.