Amir Lashkarian is identified as the leader of Unit 003 within the Quds Force of the Iranian Revolutionary Guard Corps (IRGC). The unit specializes in cyber operations and is involved in managing digital warfare strategies to support allied regimes, notably in Syria. Lashkarian’s operational involvement includes deploying cyber assets to assist Bashar al-Assad’s regime against opposition forces.
Amir Hossein Hosseini’s Position Amir Hossein Hosseini is one of Amir Lashkarian’s primary assistants, reflecting a structured hierarchy within Unit 003. His direct familial and spousal details—Hassan and Razieh as his parents, and Sanaz Kayhan as his wife—are signposts of deep-rooted connections within the Iranian socio-political elite, common in the IRGC to ensure loyalty and cohesion.
IRGC’s Unit 003 and Espionage Systems Unit 003 operates under the IRGC with a primary focus on electronic warfare and espionage. The unit employs sophisticated surveillance systems and cyber tools developed domestically and through cooperation with international allies like Russia and China. Their systems are used to infiltrate adversarial networks, steal data, and disrupt operations. Examples include advanced malware like DROPSHOT and TURNEDUP, which are linked to campaigns against aerospace and energy sectors.
Examples of Operating Units and Alliances Unit 300 and its subordinate groups maintain alliances with multiple organizations, such as Eeleyanet Gostar and AVAT. These entities function as covers for cyber operations and malware analysis, while also advancing the IRGC’s disinformation and psychological operations.
PricewaterhouseCoopers (PwC) Allegations
There are unconfirmed reports alleging PwC addresses have been linked to the activities of cyber groups under IRGC control. While no direct evidence ties PwC to espionage, hackers affiliated with the IRGC have targeted consultancy firms for intelligence.
Cyber Operations and Technological Capabilities The IRGC cyber divisions, including Unit 003, prioritize both defensive and offensive strategies. They use methods like spear-phishing, watering-hole attacks, and malware deployment. Their dynamic and static analysis capabilities have been amplified by AI integration and international collaborations, particularly with Russian and Chinese cyber entities. The collaboration has enhanced their ability to infiltrate sophisticated adversarial networks, evidenced by breaches in the U.S. and Europe.
Digital Influence and Propaganda Iranian cyber units are instrumental in conducting digital influence campaigns. Using platforms like Instagram, Telegram, and Twitter, the IRGC manipulates narratives to destabilize adversarial societies while promoting the regime’s objectives. Their campaigns use hashtag manipulation, impersonation, and false narratives, targeting vulnerable social and political fissures in rival nations.
Global Implications and IRGC’s Evolving Doctrine
Iran’s cyber and military doctrine reflects its ideological framework and practical necessity. The IRGC leverages asymmetric capabilities to compensate for conventional military deficiencies. Cyber warfare, alongside ballistic missile development and regional proxy conflicts, forms the backbone of its strategy. They intend to deter adversaries, project power, and maintain plausible deniability.
We See What Others Cannot
