Mahak Rayan Afraz, an Iranian company posing as a cybersecurity service provider, has been identified as a threat actor involved in a series of cyberattacks. In 2021, Facebook took action against an Iranian cybercriminal group known as "Tortoiseshell", which was linked to Mahak Rayan Afraz according to Symantec's threat researchers. The Department of Justice (DoJ) has further implicated the company in these malicious activities, charging one individual, Alireza Shafie Nasab, on multiple counts related to computer and wire fraud, as well as aggravated identity theft.
Nasab, an Iranian national, reportedly worked for Mahak Rayan Afraz and played a key role in procuring infrastructure used in the company's operations. His position within the company is alleged to have been a cover for his involvement in a multi-year hacking campaign that targeted U.S. defense contractors, government agencies, and private organizations. Over the course of nearly five years, Nasab and his co-conspirators are said to have compromised at least 200,000 computers through spear-phishing, software exploitation, and social engineering attacks.
The scale and duration of these operations highlight the significant threat posed by Mahak Rayan Afraz and associated individuals. According to a DoJ announcement, Nasab and his co-conspirators operated under the Mahak Rayan Afraz business from 2016 until April 2021. These findings underscore the need for continued vigilance and robust cybersecurity measures to counter such sophisticated threat actors.
Description last updated: 2024-05-05T02:07:02.357Z