Tarh Andishan

Tarh Andishan is an Iranian hacking group.[^1] The name translates to “thinkers” or “innovators”.[^1] The group uses complex infrastructure for espionage, theft, and disruption of control systems.[^1] It has compromised more than 50 victims since 2012.[^1] Infrastructure used in Operation Cleaver was registered to the Tarh Andishan corporate entity.[^1] The main IP address used by Operation Cleaver (78.109.194.114) resides in the netblock owned by Tarh Andishan.[^1] A CCProxy configuration file exposed the limited IP range owned by Tarh Andishan in Iran.[^1] A Squid proxy server configuration file was also recovered; it used a net range of /28 so that it would not look as though it was intended to allow only one IP address.[^1] The netblocks associated with Tarh Andishan rotated over time, along with altered registration information.[^1] The blog IranRedLine.org speculated on the involvement of the Iranian government with Tarh Andishan.[^1]

[[Operation Cleaver]]

Backlinks

[[CCProxy]]
IP Addresses
[[Iranian Hacking]]
[[Network Information Center]]

Sources

[^1]: Cylance_OperationCleaver