010.1: LAB DOOKHTEGAN | The Role of Hacktivism in the Modern World
Description
AUDIO NOTE: There are some portions of audio with slight static. I’m blaming solar flares. On a serious note, I’m troubleshooting this, but the episode is still listenable.
Key Topics:
* Lab Dookhtegan’s emergence as an Iranian hacktivist group targeting the regime through hack-and-leak operations, data leaks, and sabotage since 2019.
* Key attacks, including the 2019 leak of APT34 tools, multiple doxings of IRGC officials from 2020 to 2024, and election interference exposures.
* Destructive maritime cyber attacks in March and August of 2025 that disrupted 116 and 64 Iranian sanction-evading ships, respectively, via supply chain compromise.
* Speculations on Lab Dookhtegan’s potential ties to nation-states like the US or Israel for plausible deniability in proxy operations.
* Comparisons to other hacktivist groups like KillNet (Russian-backed) and Blackjack (Ukrainian-aligned), highlighting overlaps between hacktivism and state-sponsored cyber activities.
Call to Action:
* Subscribe to the podcast for more episodes on high-profile cyber intrusions.
* Visit our website at intrusionsindepth.com for additional stories and insights.
* Share your thoughts on social media using #IntrusionsInDepth.
Books:
* Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
Links and Resources:
* https://cybershafarat.com/2023/10/09/lab-dookhtegan-supports-us-against-hamas-hezbollah/
* https://www.rferl.org/a/farda-briefing-iran-water-crisis-israel-help/33503264.html
* https://www.wired.com/story/iran-hackers-oilrig-read-my-lips/
* https://securityaffairs.com/117506/apt/iran-state-sponsored-ransomware.html
* https://flashpoint.io/blog/second-iranian-ransomware-operation-project-signal-emerges/
* https://assets.recordedfuture.com/insikt-report-pdfs/2020/cta-2020-0409.pdf
* https://blog.sekoia.io/iran-cyber-threat-overview/
* https://x.com/LabDookhtegan2/status/1754860930599403851
* https://x.com/LabDookhtegan2/status/1737531151424565421
* https://x.com/LabDookhtegan2/status/1734144401687842971
* https://x.com/LabDookhtegan2/status/1757333667242770769
* https://home.treasury.gov/news/press-releases/jy2072
* https://x.com/LabDookhtegan2/status/1767939764966047877
* https://blogs.microsoft.com/on-the-issues/2024/08/08/iran-targeting-2024-us-election/
* https://x.com/LabDookhtegan2/status/1824131756884365386
* https://cydome.io/lab-dookhtegan-cyberattack-second-wave-findings-aug-2025/
* https://cloud.google.com/blog/topics/threat-intelligence/apt44-unearthing-sandworm
* https://cloud.google.com/blog/topics/threat-intelligence/gru-rise-telegram-minions
* https://en.wikipedia.org/wiki/Killnet
* https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity
* https://cydome.io/lab-dookhtegan-cyber-attack-on-iranian-oil-tankers-disrupts-operations/
* https://blog.narimangharib.com/posts/2025%2F08%2F1755854831605?lang=en
* https://en.wikipedia.org/wiki/LulzSec
* https://citizenlab.ca/2023/01/uncovering-irans-mobile-legal-intercept-system/
* https://go.recordedfuture.com/hubfs/reports/cta-2024-0125.pdf
* https://en.wikipedia.org/wiki/March%E2%80%93May_2025_United_States_attacks_in_Yemen
* https://cybershafarat.com/2024/11/01/the-attempt-of-shahid-shushtri-also-known-as-emennet-pasargad-a-cyber-group-affiliated-with-the-islamic-revolutionary-guard-corps-to-interfere-in-the-upcoming-american-elections-iran-internatio/
* Host: Josh Stepp
* Produced by: Josh Stepp
Thank you for tuning in to IntrusionsInDepth. Stay informed, stay safe, and see you in the next episode!