Iran's Mahan airlines is collaborating with the Islamic Revolutionary Guard Corps (IRGC) and its foreign operations branch Quds Force, a hacker group said based on the material it has gained.
The cyber group "Hooshyaran-e Vatan" (Homeland's Sharp-sighted), on Sunday claimed responsibility for a cyberattack against the Mahan airlines, declaring that it had hacked the internal network of the carrier and obtained sensitive confidential information, including internal documents, letters, emails and reports, which allegedly show the airline has been working in close cooperation with the IRGC Quds-Force.
Mahan Air has admitted it was targeted by a cyberattack, but has claimed that it thwarted the attack, adding that it has faced similar attacks in the past, Iranian media reported on Sunday.
A statement released on the hacking group's Telegram channel claims that Mahan has been recording its dealings with IRGC's Quds-Force under the cover name "Hamrah". The announcement says that the name "Mr Hamrah Hamrah" has been mentioned on the carrier's passenger lists around seventy thousand times since 2017, travelling between Tehran's IKA and DAM (Damascus airport), and that amazingly sometimes hundreds of passengers were registered to have flown simultaneously under this same name.
The flights for Mr Hamrah had all been booked by the same travel agency "Youtab Gasht", which regularly used a company named "Hamrah", "Hamráh" or "Hamráh Seyr" to transfer cash funds, the statement adds.
Additionally, there seems to be a close association between "Youtab Gasht" and Mahan with the "Hamrah Company", which according to the documents, had been allowed to book large numbers of tickets under the name "Hamrah Hamrah" for anonymous passengers without revealing their true identities to Mahan, the statement reads, adding that the Hamrah Company was given total authority by Mahan and easily had direct access to sensitive airport computer systems.
According to the statement, the Hamrah Company could not be found on the web, but it was discovered to be linked to the IRGC through the name "Mr Golparast", an individual identified on the web as an ex-IRGC commander and current owner of Fars Air Qeshm. Fars Air Qeshm is known as IRGC Quds-Force's cover company, and is used to transport ammunition and military equipment throughout the Middle East.
Hence the statement concludes that the Hamrah Company is in fact another of IRGC Quds-Force's cover companies, used to send supplies and military personnel under the pretext of transporting civilians.
The statement states finally that the hacker group will continue its investigations to discover the types and quantity of cargo transported and identify those involved in these operations.
Privately owned Mahan Air is Iran's second-largest carrier after the national airlines Iran Air, operating domestic and international flights to destinations in Europe, Middle East and Asia from Tehran's Mehrabad and Imam Khomeini International Airports. It has been on the U.S. sanction list since 2011 for “providing financial, material, or technological support for or to the IRGC-QF.”
Furthermore, in 2019, the U.S. Treasury said Mahan Air had transported "IRGC-QF operatives, weapons, equipment, and funds abroad in support of the IRGC-QF’s regional operations", "moved weapons and personnel for Hezbollah (of Lebanon)" and "flown fighters and materiel to Syria to prop up the Assad regime".
Iran has been targeted by several cyberattacks in recent months, including October's hack of the fuel distribution systems at petrol stations, which led to their shut down and caused widespread disruptions nationwide, and which authorities claimed was the work of a foreign country. Another was the cyberattack on the surveillance camera system of Tehran's notorious Evin prison by hacker group "Edalat-e Ali" (Ali's Justice) in August, the leaked videos of which revealed human rights violations.