Iranian Cyber Army


The Iranian Cyber Army is a hacker group attributed with website defacements and DNS hijacking attacks since 2009. Analysts link the group with pro-regime Iranian actors and suggest possible ties to the Islamic [Revolutionary Guard Corps], though direct control remains unproven.

History

The group first appeared publicly in late 2009, claiming responsibility for a series of high-profile defacements. Its operations are often discussed within the broader context of Iranian cyberwarfare activities.

Known operations

Baidu defacement (2009)

On 12 January 2010, the Chinese search engine Baidu was redirected to a defacement page displaying the message “This site has been hacked by the Iranian Cyber Army.” Investigations indicated tampering with the site’s U.S. domain registration.

Twitter redirect (2009)

In December 2009, Twitter’s domain records were compromised, briefly redirecting visitors to a page that displayed the Iranian flag and the message “This site has been hacked by the Iranian Cyber Army.” The disruption lasted less than an hour before Twitter restored service.

Opposition website defacements

Between 2009 and 2011, several Iranian opposition and diaspora media websites were defaced and replaced with pro-government content attributed to the Iranian Cyber Army.

Affiliations and structure

Some reports describe the Iranian Cyber Army as aligned with the IRGC, possibly operating with indirect state sponsorship.
Other analysts argue that the group may be a looser collection of patriotic hackers rather than a formal military unit.

Controversies

Attribution of incidents to the Iranian Cyber Army remains contested. Some experts note that the attacks relied on basic DNS or registrar compromises rather than sophisticated intrusion techniques. Others suggest that the term “Iranian Cyber Army” has been applied inconsistently to multiple unrelated actors.

Assessment

The Iranian Cyber Army is often cited as one of the earliest organized Iranian cyber actors. While its tactics were relatively simple, the group demonstrated Iran’s willingness to use cyberattacks for symbolic and political purposes.