Affiliation: IRGC
Hossein Rafiei is linked to Shahid Hemmat, a malicious cyber group working for Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). He is part of the threat actor group known as Yellow Liderc (also known as Imperial Kitten, Tortoiseshell, TA456, and Crimson Sandstorm). The group targets various sectors, including maritime, shipping, logistics, nuclear, aerospace, and defense. Shahid Hemmat operates under the command of Amir Lashgarian and has connections to other IRGC-CEC-associated individuals and organizations, including Mohammad Bagher Shirinkar, Mahdi Lashgarian, Alireza Shafie Nasab, and front companies such as Emennet Pasargad, Dadeh Afzar Arman (DAA), and Mehrsam Andisheh Saz Nik (MASN). The U.S. government is offering a reward of up to $10 million for information leading to his identification or location.