Iranian Cyber Army
The Iranian Cyber Army is a hacker group attributed with website defacements and DNS hijacking attacks since 2009. Analysts link the group with pro-regime Iranian actors and suggest possible ties to the Islamic [Revolutionary Guard Corps], though direct control remains unproven.
History
The group first appeared publicly in late 2009, claiming responsibility for a series of high-profile defacements. Its operations are often discussed within the broader context of Iranian cyberwarfare activities.Known operations
Baidu defacement (2009)
On 12 January 2010, the Chinese search engine Baidu was redirected to a defacement page displaying the message “This site has been hacked by the Iranian Cyber Army.” Investigations indicated tampering with the site’s U.S. domain registration.Twitter redirect (2009)
In December 2009, Twitter’s domain records were compromised, briefly redirecting visitors to a page that displayed the Iranian flag and the message “This site has been hacked by the Iranian Cyber Army.” The disruption lasted less than an hour before Twitter restored service.Opposition website defacements
Between 2009 and 2011, several Iranian opposition and diaspora media websites were defaced and replaced with pro-government content attributed to the Iranian Cyber Army.Affiliations and structure
Some reports describe the Iranian Cyber Army as aligned with the IRGC, possibly operating with indirect state sponsorship.Other analysts argue that the group may be a looser collection of patriotic hackers rather than a formal military unit.