Pro-Israel Hacktivist’s Hijack a Pro-Palestinian Telegram Channel

While the Israel-Hamas conflict has engulfed the headlines since Hamas’s terror attack on 7 October 2023 and hostage-taking, and Israel’s subsequent “Operation Swords of Iron” response, a shadow war has raged in the hacking underworld, with the frontlines becoming the likes of “BreachForums” and Telegram channels. While this hidden war has been documented in Webz.io (October 2023), Bloomberg (November 2023), TheRecord.Media (January 2024), and a webinar hosted by analytic firm Bluestone Analytics (January 2024), the ever-looming question remains: Are these hacktivist groups a collective of sympathizers, or is it state-sponsored cyber warfare?

1. Hacktivist vs Hacktivist: Cyber_Av3ngers vs. WeRedDevils

In a significant development on the Telegram hacktivist channel front, the well known Pro-Palestine channel “Cyber_Av3ngers” (https://t.me/cyberaveng3rs), a channel has over 6.7 thousand subscribers, was purportedly taken-over by the Pro-Israel hacktivist group WeRedDevils (https://t.me/weredevils || https://t.me/weredevilsOG) on 20 April. 

Subsequently, the “WeRedDevils || WeRedDevilsOG” posted the alleged. 

The ”CyberAveng3rs” channel became active on Telegram in September 2023, a few weeks before 7 October 2023. It boasted about its dedication to attacking Israel infrastructure.

While most of the channels activity is visible between October 2023 and January 2024, posts became sporadic and more spaced out, with a significant lapse up until mid March 2024. The last post before the purported take over by “WeRedDevilsOG || WeRedDevils” was 13 April, with lead up “hype” posts about again attacking Israeli infrastructure, specifically saying “Lights Out Tel-Aviv” and “Prepare for more wide spread power outages” 

When “WeRedDevilsOG || WeRedDevils” announced their control of the Telegram channel on 20 April, they then doxx’ed who they claim was behind the Telegram channel, Mahdi Lashgarian. Lashgarian is a purported link to the IRGC – Cyber-Electronic Command, which was posted on both the “Cyber_Aveng3rs” and the “WeRedDevilsOG” Telegram channels 

1.1 Hactivism exposing… India?

Of interest, the phone numbers associated with the subject do not appear to have an Iranian country code. Presumed with the +98 Iran country code, the phone numbers would reflect +989104762098 and +982177394846. There were no further identifiers provided in the doxx’ing.

OSINT research on revealed the email possibly being mahdi@lashgarian.com which is of interest. An entity registered the domain lashgarian.com in 2018

Domain Name: lashgarian.com
Registry Domain ID: 2282726043_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: https://www.godaddy.com
Updated Date: 2018-07-05T15:21:45Z
Creation Date: 2018-07-05T15:21:45Z
Registrar Registration Expiration Date: 2028-07-05T15:21:45Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146

Further digging revealed a nexus to the username “renegade-r” associated with the email mahdi@lashgarian.com

A set of data sourced from a database breach in 2023 also revealed something interesting:

Email

mahdi@lashgarian.com


Leak Base

tasocial_pap


Data

(‘6718VIMa’, ”, ‘idham979000’, ‘Mahdi’, ‘Lashgarian’, ‘84519751fe35e5cb4f1e986b29519d5b’, ”, ‘92.50.15.4’),

The IP address 92.50.15.4 attributes to an IPXO customer geolocating India

While “WeRedDevils || WeRedDevilsOG” channels are active with multiple doxxings, this one is particularly interesting. The intelligence gaps that exist is how “WeRedDevils” were able to assume control of the “Cyber_Aveng3rs” Telegram channel in the first place. How were they able to obtain so much information about Mahdi Lashgarian if they were behind the channel? If true, and the Lashgarian was affiliated with IRGC – Cyber Electronic Command, the question would linger are the other “hacktivist” Palestine sympathetic channels also being run by members of the IRGC? Is this state sponsored hacking with a “hacktivist” masquerade? 

Table of Contents

Related Content

Japanese Red Army: A Communist terror organisation

TYPE:_ Article
Location:_ Far East

Russian Interference in Moldova: A Counterintelligence Report

Location:_ Europe

SFSG: The UK Special Forces Support Group 

TYPE:_ Article
Location:_ Europe

Chinese Espionage in Great Britain: Red Shadows

Location:_ Europe

Española: The Football Hooligans Fighting for Russia in Ukraine

TYPE:_ Article

JNIM: The Quest for a West African Caliphate

Location:_ West Africa

Stay in the loop

Get a free weekly email that makes reading intel articles and reports actually enjoyable.

Log in

Stay in the loop

Get a free weekly email that makes reading Intelligence Reports and Articles actually enjoyable.

Table of Contents

Contact

Contact

"*" indicates required fields

This field is for validation purposes and should be left unchanged.