Affiliation: IRGC
Amir Hosein Hoseini is a member of Shahid Hemmat, a malicious cyber group operating under Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). He is associated with the Iran-based threat actor group known as Yellow Liderc (also known as Imperial Kitten, Tortoiseshell, TA456, Crimson Sandstorm). The group targets various industries including maritime, shipping, and logistics sectors in the Mediterranean; nuclear, aerospace, and defence industries in the US and Europe; and IT managed service providers in the Middle East. Shahid Hemmat operates under the command of Amir Lashgarian and has been specifically linked to cyber attacks targeting the U.S. defense industry and international transportation sectors. The group has connections to other IRGC-CEC associated individuals and organizations including Mohammad Bagher Shirinkar, Mahdi Lashgarian, Alireza Shafie Nasab, and front companies such as Emennet Pasargad, Dadeh Afzar Arman (DAA), and Mehrsam Andisheh Saz Nik (MASN). The U.S. government is offering a reward of up to $10 million for information leading to Hoseini's identification or location, or information preventing malicious cyber activities against U.S. critical infrastructure.