Affiliation: IRGC
Mohammad Reza Rafatinezhad is linked to Shahid Hemmat, a malicious cyber group working for Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). He is associated with the Iran-based threat actor group known as Yellow Liderc (also known as Imperial Kitten, Tortoiseshell, TA456, Crimson Sandstorm). The group targets various industries including maritime, shipping, logistics, nuclear, aerospace, and defense sectors. Shahid Hemmat operates under the command of Amir Lashgarian and has connections to other IRGC-CEC associated individuals and organizations including Mohammad Bagher Shirinkar, Mahdi Lashgarian, Alireza Shafie Nasab, and front companies such as Emennet Pasargad, Dadeh Afzar Arman (DAA), and Mehrsam Andisheh Saz Nik (MASN). They have been involved in various IRGC cyber and intelligence operations targeting U.S. critical infrastructure. The U.S. government is offering a reward of up to $10 million for information leading to Rafatinezhad's identification or location, or information preventing malicious cyber activities against U.S. critical infrastructure.