IRANIAN IRGC DATA EXTORTION OPERATIONS

RANSOMWARE

The Iranian IRGC Data Extortion Operations is primarily focused on targeting organizations within critical infrastructure sectors such as energy and telecommunications, leveraging their strategic importance for significant geopolitical leverage. This group typically gains initial access through phishing campaigns that exploit unpatched vulnerabilities, particularly those classified as CRITICAL severity, to infiltrate networks undetected. Once inside, they employ a double extortion tactic by exfiltrating sensitive data before initiating encryption with ransom demands, aiming to maximize pressure on their victims for compliance and payment. This group stands out due to its sophisticated approach in combining traditional ransomware tactics with advanced espionage techniques, indicative of state-sponsored activity rather than typical cybercrime operations.

Based on the available data, the most exploited vulnerability categories by this group include remote code execution (RCE) and authentication bypass flaws, which are critical for initial access and lateral movement within targeted networks. The absence of confirmed exploitation tools suggests that the group may be using custom-built malware or leveraging existing open-source frameworks to maintain operational security and evade detection. Defenders should prioritize patch management and vulnerability assessments, particularly focusing on high-severity CVEs related to RCE and authentication bypass, to mitigate the risk of initial compromise by this sophisticated actor.

Predicted CVEs (92) CORRELATION

How does prediction work?

Predicted CVEs are identified through automated correlation using multiple sources: vendor/product profiles historically targeted by the group (MITRE ATT&CK), attack chain patterns (KEV + TTPs), threat intelligence (MISP, STIX), and AI analysis. These CVEs have not been confirmed as exploited by this specific group, but have a high probability of being targets based on the actor's operational profile.

CVE-2020-0796 CRITICAL Microsoft Windows 10 Version 1903 for 32-bit Systems predicted 10.0 CVE-2020-1350 CRITICAL Microsoft Windows Server predicted 10.0 CVE-2020-0796 CRITICAL Microsoft Windows 10 Version 1903 for 32-bit Systems predicted 10.0 CVE-2021-44228 CRITICAL Apache Software Foundation Apache Log4j2 predicted 10.0 CVE-2021-44228 CRITICAL Apache Software Foundation Apache Log4j2 medium 10.0 CVE-2024-38856 CRITICAL Apache Software Foundation Apache OFBiz predicted 9.8 CVE-2024-32113 CRITICAL Apache Software Foundation Apache OFBiz predicted 9.8 CVE-2020-12812 CRITICAL Fortinet FortiOS medium 9.8 CVE-2023-33246 CRITICAL Apache Software Foundation Apache RocketMQ predicted 9.8 CVE-2023-27524 CRITICAL Apache Software Foundation Apache Superset predicted 9.8 CVE-2021-38647 CRITICAL Microsoft Open Management Infrastructure predicted 9.8 CVE-2021-31166 CRITICAL Microsoft Windows 10 Version 2004 predicted 9.8 CVE-2024-49035 CRITICAL Microsoft Partner Center predicted 9.8 CVE-2024-27348 CRITICAL Apache Software Foundation Apache HugeGraph-Server predicted 9.8 CVE-2025-24813 CRITICAL Apache Software Foundation Apache Tomcat predicted 9.8 CVE-2025-24989 CRITICAL Microsoft Power Pages predicted 9.8 CVE-2023-29357 CRITICAL Microsoft SharePoint Server 2019 predicted 9.8 CVE-2023-23397 CRITICAL Microsoft Office LTSC 2021 predicted 9.8 CVE-2024-43468 CRITICAL Microsoft Configuration Manager predicted 9.8 CVE-2024-21413 CRITICAL Microsoft Office 2019 predicted 9.8 CVE-2024-21410 CRITICAL Microsoft Exchange Server 2016 Cumulative Update 23 predicted 9.8 CVE-2025-53770 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2025-59287 CRITICAL Microsoft Windows Server 2012 predicted 9.8 CVE-2026-20963 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2020-13927 CRITICAL Apache Airflow's Experimental API predicted 9.8 CVE-2020-17530 CRITICAL Apache Software Foundation Apache Struts predicted 9.8 CVE-2020-1938 CRITICAL Apache Tomcat predicted 9.8 CVE-2020-0646 CRITICAL Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 predicted 9.8 CVE-2021-42013 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.8 CVE-2021-41773 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.8 CVE-2022-24112 CRITICAL Apache Software Foundation Apache APISIX predicted 9.8 CVE-2022-24706 CRITICAL Apache Software Foundation Apache CouchDB predicted 9.8 CVE-2021-38647 CRITICAL Microsoft Open Management Infrastructure predicted 9.8 CVE-2023-29357 CRITICAL Microsoft SharePoint Server 2019 predicted 9.8 CVE-2020-12812 CRITICAL Fortinet FortiOS predicted 9.8 CVE-2024-21762 CRITICAL Fortinet FortiProxy predicted 9.8 CVE-2022-42475 CRITICAL Fortinet FortiProxy predicted 9.8 CVE-2021-41773 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.8 CVE-2021-42013 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.8 CVE-2025-53770 CRITICAL Microsoft SharePoint Enterprise Server 2016 predicted 9.8 CVE-2021-26855 CRITICAL Microsoft Exchange Server 2016 Cumulative Update 19 predicted 9.1 CVE-2021-34473 CRITICAL Microsoft Exchange Server 2013 Cumulative Update 23 medium 9.1 CVE-2024-38475 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.1 CVE-2021-34473 CRITICAL Microsoft Exchange Server 2013 Cumulative Update 23 predicted 9.1 CVE-2021-45046 CRITICAL Apache Software Foundation Apache Log4j medium 9.0 CVE-2021-45046 CRITICAL Apache Software Foundation Apache Log4j predicted 9.0 CVE-2021-40438 CRITICAL Apache Software Foundation Apache HTTP Server predicted 9.0 CVE-2020-1040 CRITICAL Microsoft Windows Server predicted 9.0 CVE-2023-21529 HIGH Microsoft Exchange Server 2019 Cumulative Update 12 predicted 8.8 CVE-2021-34527 HIGH Microsoft Windows 10 Version 1809 predicted 8.8 CVE-2022-41040 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.8 CVE-2022-41080 HIGH Microsoft Exchange Server 2016 Cumulative Update 23 predicted 8.8 CVE-2020-0688 HIGH Microsoft Exchange Server 2013 predicted 8.8 CVE-2025-49704 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 8.8 CVE-2021-42321 HIGH Microsoft Exchange Server 2016 Cumulative Update 21 predicted 8.8 CVE-2025-49704 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 8.8 CVE-2022-41080 HIGH Microsoft Exchange Server 2016 Cumulative Update 23 predicted 8.8 CVE-2021-42321 HIGH Microsoft Exchange Server 2016 Cumulative Update 21 predicted 8.8 CVE-2024-21412 HIGH Microsoft Windows 11 version 21H2 predicted 8.1 CVE-2024-21412 HIGH Microsoft Windows 11 version 21H2 predicted 8.1 CVE-2022-41082 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.0 CVE-2022-41082 HIGH Microsoft Exchange Server 2013 Cumulative Update 23 predicted 8.0 CVE-2022-30190 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2020-0787 HIGH Microsoft Windows predicted 7.8 CVE-2023-28252 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2021-1675 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2024-26169 HIGH Microsoft Windows 10 Version 1809 predicted 7.8 CVE-2021-36942 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2023-36884 HIGH Microsoft Windows 10 Version 1809 predicted 7.5 CVE-2021-42278 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2021-42287 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2020-17519 HIGH Apache Software Foundation Apache Flink predicted 7.5 CVE-2024-45195 HIGH Apache Software Foundation Apache OFBiz predicted 7.5 CVE-2021-42287 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2021-36942 HIGH Microsoft Windows Server 2019 predicted 7.5 CVE-2023-36884 HIGH Microsoft Windows 10 Version 1809 predicted 7.5 CVE-2024-38094 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2023-24955 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2023-24955 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2024-38094 HIGH Microsoft SharePoint Enterprise Server 2016 predicted 7.2 CVE-2021-43890 HIGH Microsoft App Installer predicted 7.1 CVE-2021-43890 HIGH Microsoft App Installer predicted 7.1 CVE-2021-31207 MEDIUM Microsoft Exchange Server 2013 Cumulative Update 23 medium 6.6 CVE-2021-31207 MEDIUM Microsoft Exchange Server 2013 Cumulative Update 23 predicted 6.6 CVE-2025-49706 MEDIUM Microsoft SharePoint Enterprise Server 2016 predicted 6.5 CVE-2025-49706 MEDIUM Microsoft SharePoint Enterprise Server 2016 predicted 6.5 CVE-2022-41091 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-44698 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-44698 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2022-41091 MEDIUM Microsoft Windows 10 Version 1809 predicted 5.4 CVE-2020-0878 MEDIUM Microsoft ChakraCore predicted 4.2 CVE-2020-0878 MEDIUM Microsoft ChakraCore predicted 4.2