Iranian APT in the post Soleimani era

The killing of Soleimani last week will have far-reaching implications for Iran and the Middle East for years to come. The world and the Middle East are safer today with Soleimani gone than before. To understand the implications of this, it’s crucial to understand who Soleimani was to the Iranian terror and war machine.


What did Soleimani mean to Iran?

Maj. Gen. Qassim Soleimani was seen as a national hero by the Iranian people, someone who came up from humble beginnings to reach the top echelon of the Iranian military. He became a hero in the 1982 Iran/Iraq war and since then rose through the ranks to lead the Quds Force, an organization designated as a terrorist organization by the USA.

Soleimani led all of Iran’s war efforts: supporting the rise of Hizballah in Lebanon, supporting Assad as he mass-murdered his own people in Syria, driving the humanitarian disaster in Yemen, and stoking the current conflict in Iraq between Sunni and Shi’a Muslims. Soleimani was considered by many a smart, strategic person who employed proxies to advance Iranian interests in the region, propping up Hamas in Israel and weaponizing Hizballah in Lebanon in order to surround Israel and use them as hostages in a future conflict with the West over Iran’s nuclear ambitions.

Soleimani was also the mastermind behind the cyber teams in Iran and in other Iran-backed terrorist organizations.


What does this mean for Iranian APTs?

After the Stuxnet attack on Iran’s nuclear facilities and its remarkable success in setting back Iran’s nuclear program, the ayatollah charged Soleimani with upgrading Iran’s cyber and offensive capabilities going forward. Soleimani is rumored to have reached out to Russia for cyber training for Iranians and for help upgrading those capabilities.

Soleimani established every APT group in Iran and was the boss they all reported to and took orders from. He was the person they reached out to when they needed equipment, targets or manpower, and he approved it all. Soleimani kept those APTs decentralized from a security perspective, out of operational and security concerns about foreign powers.


A person I spoke with from the region indicated that the Iranian state-sponsored APTs work on their own and don’t always coordinate with or know members of other APTs, in order to ensure operational integrity. This means that the lack of leadership, combined with the decentralization of their operations, could now lead to chaos and disorganization, with some of these APTs falling apart and a power struggle ensuing for the leadership role.

The importance of Soleimani to the Iranian terror machine shouldn’t be underestimated. His death is sure to leave a hole that won’t be easily filled. While a successor has been named, don’t be fooled by the press or the rumors: these APTs have now lost the key leader who provided them with tools and with cooperation from foreign partners supporting some of their cyber activities.


What can we expect now?

We can expect these APTs to continue to operate within their current TTPs, and we won’t see a big difference in the immediate future. The real results of his death for those in the cybersecurity space will be felt 12 months from now, when these APTs run out of steam, talent and tools, struggle for power and tear at each other in internal rifts. I expect to see less capable Iranian cyber operations in 2021 and beyond. This is the type of loss that takes decades to recover from, and a harsh blow for Iran and its terror-sponsored activities. We need to weather the reactive storm of Soleimani’s death from his loyal followers and soldiers, who will want to avenge him before the leadership vacuum becomes clear and the internal rifts start to fester.


Until then, pay attention to Iranian TTPs and stay cyber safe!
