Iran, a nation with a complex geopolitical landscape, possesses a formidable intelligence infrastructure critical for safeguarding its national interests and maintaining internal stability. Within this framework, several intelligence agencies play pivotal roles in gathering information, conducting covert operations, and ensuring the nation’s security.
1- Ministry of Intelligence and Security (MOIS)
The Ministry of Intelligence and Security (MOIS) stands as a pivotal intelligence agency within the Iranian government, wielding significant influence in safeguarding the Islamic regime’s interests, both domestically and internationally. Its operations, while clandestine, have been shaped by a comprehensive approach, marked by calculated strategies and activities.
Targeted Assassinations and Threat Perception
One notable aspect of MOIS’s operations is its involvement in targeted assassinations of dissidents, both within Iran and abroad. The selection of targets is guided by the government’s perception of the threat posed by the individual in question. This ruthless approach underscores the regime’s determination to quell dissent and eliminate perceived adversaries, reinforcing its grip on power.
Infiltration of Opposition Groups and Terrorist Networks
The MOIS has historically maintained a focus on Europe, a region where many Iranian dissidents have sought refuge. Within Europe, the agency has adopted an aggressive approach, infiltrating Iranian opposition groups and establishing terrorist networks and military cells. This infiltration strategy serves to suppress opposition movements beyond Iran’s borders and curtail any potential threats to the regime.
Engagement in Cyber-Enabled Activities
In the modern era, the MOIS has expanded its reach to engage in cyber-enabled activities, particularly targeting the United States and its allies. This involvement highlights the agency’s adaptability to evolving technological landscapes, enabling it to harness cyber capabilities to further its objectives, gather intelligence, and potentially disrupt targeted entities.
Research, Reports, and Policy Assessment
Within its multifaceted operations, the MOIS conducts in-depth research and circulates comprehensive reports. These reports encompass various domains, including assessments of Iranian policy in neighboring countries such as Iraq, offering valuable insights and recommendations to the government. This analytical approach signifies the agency’s dedication to informed decision-making and strategic planning.
Methodical Approach and Information Gathering
Compared to the Islamic Revolutionary Guard Corps (IRGC) intelligence, the MOIS adopts a more methodical and deliberative approach in its intelligence-gathering endeavors. It extends its reach to gather information on other governments, particularly in the Middle East. This information acquisition is geared towards understanding rival strategies, discerning potential threats, and evaluating the effectiveness of Iran’s policies in the regional context.
2- Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO)
The Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO) represents a crucial pillar within Iran’s complex intelligence structure, wielding immense influence over both internal and external domains. The agency’s operations are deeply entrenched in securing the Iranian regime’s interests and suppressing dissent, employing a multifaceted approach to achieve its objectives.
Abductions and Assassinations: Quashing Dissent at Home and Abroad
The IRGC-IO has gained notoriety for its involvement in abductions and assassinations of dissidents, both within Iran and beyond its borders. This brutal practice is exemplified by the kidnapping and subsequent execution of Ruhollah Zam, an Iranian journalist based in Iraq, in October 2019. These actions underscore the agency’s ruthless approach in silencing voices that challenge the government’s authority.
Dominance in Internal Military Intelligence
The IRGC-IO exercises primary dominance over internal Iranian military intelligence responsibilities. It operates as a safeguard against terrorist attacks, foreign political interference, and domestic unrest. The agency actively monitors online activities of Iranians and undertakes measures to counter influence operations orchestrated by Iran’s Western adversaries. Additionally, the IRGC-IO detains dissidents, including Iranians, dual nationals, and foreigners, in line with its mission to maintain internal stability and preserve the regime’s control.
Evolution and Expansion of Operations
The roots of the IRGC-IO trace back to the aftermath of the 1979 revolution when it commenced its intelligence operations as the IRGC Intelligence Directorate. Over time, it evolved, eventually being upgraded and renamed as the IRGC Intelligence Organization following the 2009 Green Movement. This transformation underscored the organization’s growing influence and expanded role in safeguarding the regime’s interests.
Strategic Coordination with MOIS and Focus on Intelligence Operations
Collaboration with the Ministry of Intelligence and Security (MOIS) is a notable aspect of the IRGC-IO’s operations. While engaging in procurement, often in collaboration with MOIS, the IRGC-IO primarily focuses on plotting routes and logistics to facilitate the movement of critical resources such as weapons, money, and personnel across the Middle East. Within Iran, both MOIS and IRGC intelligence function in tandem, aiming to gather information on networks and underground groups. However, IRGC intelligence places a particular emphasis on preventing armed attacks within Iran, including bombings or attempts to storm government buildings. It also monitors disruptive elements in Iranian society. For example, the IRGC-IO claimed that intelligence agencies from 20 countries fueled the Iranian protests.
3- Center for Investigating Organized Cybercrime
The Center for Investigating Organized Cybercrime holds a significant position within Iran’s expansive intelligence infrastructure, with a primary focus on cybercrime. While specific details regarding the agency’s contributions to intelligence gathering and clandestine operations remain undisclosed, a glimpse into various cyber operations attributed to Iranian intelligence agencies sheds light on their collective cyber capabilities.
Role in Cyber Operations
Iranian intelligence agencies, notably the MOIS and the IRGC-IO, have been closely associated with numerous cyber operations aimed at foreign entities for intelligence gathering and strategic purposes. These cyber operations underscore Iran’s prowess in cyber espionage and disruption across a spectrum of sectors.
Notable Cyber Operations
In a notable incident in March 2018, the US Department of Justice charged nine Iranians with orchestrating a massive cyber theft campaign on behalf of the IRGC. This campaign involved intrusions targeting research, academic and proprietary data, highlighting Iran’s intent to acquire valuable information through cyber means.
Furthermore, in September 2022, the US Department of Justice charged three Iranian nationals with orchestrating a scheme to hack into the computer networks of multiple US victims, including critical infrastructure providers, for personal gain. The indictment emphasized that the Iranian government inadvertently provided a safe haven for cyber criminals seeking personal gain.
Collaborative Efforts and Cyber Capabilities
The collective efforts of Iranian intelligence agencies, including the Center for Investigating Organized Cybercrime, underscore Iran’s strategic approach to harnessing cyber capabilities. These agencies often collaborate and coordinate cyber operations, leveraging their expertise to target various entities and gather intelligence critical to national interests.
In the cyber realm, Iran’s influence extends globally. For instance, in September 2020, the FBI announced criminal charges against multiple alleged hackers in Iran, including members of the Rana Intelligence Computing Company. This company, affiliated with Iran’s Ministry of Intelligence and Security, targeted entities across continents. Additionally, the FBI detailed various malware sets used by the company, highlighting the gravity of the threat and urging enhanced cybersecurity measures.
In February 2022, CISA warned of Iranian state-backed hackers conducting global cyber operations. The advisory emphasized vigilance, urging organizations to detect compromise indicators, employ antivirus software, patch systems, prioritize known vulnerability patches, educate users on phishing, and enforce multi-factor authentication. These hackers had a dual role, supplying stolen data to the Iranian government and collaborating with other malicious actors.
The ongoing cyber activities orchestrated by Iranian government-sponsored actors emphasize the importance of robust cybersecurity measures globally. The Center for Investigating Organized Cybercrime remains a crucial component of Iran’s cyber intelligence efforts, showcasing the evolving nature of cyber warfare and its implications for international security.
4- Oghab 21
Oghab 21 is a formidable cyber espionage group believed to operate under the auspices of the Iranian government. Its actions and capabilities have drawn international attention, as it has engaged in cyberattacks against a range of targets, including government agencies and private companies, as part of its mission to serve the interests of the Iranian government.
Targeted Cyberattacks and Their Implications
Oghab 21’s cyber operations have left a significant impact on various countries and sectors, showcasing Iran’s proficiency in utilizing cyber capabilities for intelligence gathering and secret operations. Here are specific instances where Oghab 21’s activities have come to light:
Cyberattack on Bahrain’s National Oil Company (Bapco)
In 2019, Oghab 21 orchestrated a cyberattack on Bahrain’s national oil company, Bapco, resulting in a shutdown of the company’s computer systems. This attack was perceived as part of a broader Iranian campaign targeting Gulf Arab states. The incident underscored Iran’s cyber reach and its intent to disrupt critical infrastructure in neighboring regions.
Cyberattack on Israel’s Water Supply System
In 2020, Oghab 21 was reportedly behind a cyberattack on Israel’s water supply system. Although the attempt was unsuccessful, it raised concerns about Iran’s capability to target critical infrastructure, emphasizing the potential severity of such cyber threats to vital services.
Cyberattack on Israel’s Ben Gurion Airport
In 2021, Oghab 21 reportedly targeted Israel’s Ben Gurion airport in a cyberattack. While this attempt was unsuccessful, it indicated Iran’s sustained interest in targeting Israel and demonstrated the group’s persistent efforts to exploit cyber means for strategic advantage.
Cyberattack on a US Defense Contractor
In 2022, Oghab 21 was implicated in a cyberattack on a US defense contractor, as part of a broader Iranian campaign against US targets. This incident highlighted the group’s global reach and its involvement in activities that directly impact national security, emphasizing the gravity of cyber threats in the international arena.
A Warning From Carnegie Endowment for International Peace
A 2018 report by the Carnegie Endowment for International Peace shed light on Iran’s cyber operations, specifically delving into Oghab 21’s activities. The report revealed their involvement in cyber espionage campaigns, targeting activists, scholars, defense companies, and governments globally. Iran’s cyber operations often mirror normalized law enforcement behavior witnessed in other nations adapting to advancing information technologies.
According to a 2019 report by the Center for Strategic and International Studies (CSIS), Iran has rapidly enhanced its cyber capabilities, positioning itself ahead of many nations in cyber warfare strategy and organization. Iran demonstrated a sophisticated organizational structure to manage cyber conflict, with Oghab 21 being a significant contributor to cyber espionage and sabotage operations.
A FireEye Report
In 2018, cybersecurity firm FireEye issued a comprehensive report detailing Iranian cyber espionage activities, with a focus on Oghab 21’s operations. The report uncovered Oghab 21’s engagement in cyber espionage campaigns targeting government agencies, defense companies, and financial institutions across the Middle East, Europe, and the United States.
5- IRGC Counterintelligence Organization
The Islamic Revolutionary Guard Corps (IRGC) Counterintelligence Organization stands as a critical arm of Iran’s intelligence and security apparatus, entrusted with the paramount duty of safeguarding the nation against threats and infiltration by adversaries. This section delves into the mission, history, and leadership of this pivotal organization, illuminating its significance in preserving Iran’s interests and ensuring internal security.
Mission and Responsibilities
The IRGC Counterintelligence Organization’s mission is unequivocal: to protect Iran from threats and infiltration by its adversaries. With a steadfast commitment to national security, the organization operates meticulously to thwart attempts that seek to compromise the nation’s sovereignty, integrity, and stability. Through counterintelligence efforts that rely on brutal means such as assassination, torture and targeted killing, it aims to neutralize foreign influences and espionage activities that may undermine Iran’s interests.
The roots of the IRGC counterintelligence wing can be traced back to the establishment of the Ministry of Intelligence and Security (MOIS) in 1983, where it was initially mentioned in legislation. Over the years, its role and prominence within the Iranian intelligence landscape have grown, aligning with the evolving nature of security threats and the changing geopolitical environment.
Leadership and Key Appointments
In June 2022, Supreme Leader Ayatollah Ali Khamenei appointed Brig. Gen. Majid Khademi to lead the IRGC Counterintelligence Organization. Khademi, who had previously headed the defense ministry’s counterintelligence organization, brought a wealth of experience and expertise to his new role. His appointment underscored the significance of robust leadership to effectively counter the evolving threats faced by Iran.
In January 2023, Khademi publicly condemned Iran’s adversaries for their attempts to interfere in nationwide protests. He emphasized how adversaries leveraged perception and cognitive warfare to exploit disillusionment among the youth, showcasing the organization’s dedication to countering external influences and preserving Iran’s ideological and societal fabric.
Counterintelligence in the Face of Challenges
The IRGC Counterintelligence Organization operates in an environment fraught with challenges, including cyber threats, misinformation campaigns, and attempts to foment internal unrest. The organization remains resolute, employing advanced counterintelligence techniques to stay ahead of evolving threats and effectively counter adversarial activities.
6- Artesh Directorate for Intelligence (J2)
The Artesh Directorate for Intelligence (J2) is a pivotal arm of the Iranian military intelligence apparatus, with a specific mission geared towards tactical intelligence and counterintelligence operations. This section provides a comprehensive understanding of J2’s mission, functions, and its role in the broader landscape of Iran’s national security.
Mission and Core Functions
The primary mission of the J2 revolves around conducting tactical intelligence and counterintelligence operations within the Artesh, the conventional military of Iran. The J2 is tasked with overseeing intelligence and security affairs within the Artesh, ensuring its operational readiness and preparedness. This includes the assessment of both domestic and international threats that may impact Iran’s military interests.
Assessing Domestic and International Threats
The J2 plays a crucial role in evaluating domestic and international threats to Iran. Similar to the MOIS, the intelligence arm of the Artesh possesses investigative powers within Iran and beyond its borders. Internationally, it assesses foreign militaries and strategic threats, including those posed by prominent nations such as the United States and Saudi Arabia. The J2 diligently monitors and analyzes U.S. and Saudi military capabilities, providing vital intelligence to inform strategic decisions and policy formulation.
Collaboration and Integration
The J2 reportedly includes members from diverse military branches, allowing for a multidimensional approach to intelligence operations. This integration of personnel from various military branches enhances collaboration and information sharing, ultimately bolstering the effectiveness and efficiency of intelligence activities. The interconnectedness of J2 with other military units ensures a comprehensive assessment of threats and a cohesive response strategy.
Parallels with U.S. Intelligence Functions
Notably, some U.S. and Iranian agencies exhibit similarities in their functions. The Artesh intelligence agency mirrors the structure of the MOIS in terms of having both domestic and international investigative capabilities. This parallel emphasizes the significance of understanding the commonalities and differences in the intelligence frameworks of various nations, aiding in the assessment of potential threats and fostering effective diplomatic relations.
7- Artesh Counterintelligence Organization
The Artesh Counterintelligence Organization stands as a fundamental arm of Iran’s intelligence and security apparatus, playing a pivotal role in preserving the nation’s interests and security. This section delves into the mission, history, and leadership of this vital organization, illuminating its significance in safeguarding Iran against threats and infiltration by adversaries.
Mission and Responsibilities
The mission of the Artesh Counterintelligence Organization is unequivocal: to protect Iran against threats and infiltration posed by adversaries. This includes monitoring and countering attempts by foreign entities to undermine Iran’s security, whether through espionage, cyber intrusions, or other means. The organization diligently works to ensure the sovereignty and stability of the nation, while also striving to maintain a technological edge amidst the changing nature of conflict.
The origins of the Artesh Counterintelligence Organization can be traced back to its establishment in 1983, during the intense eight-year war with Iraq. This period marked a crucial juncture where the need for a dedicated counterintelligence unit was paramount, given the complex and multifaceted threats faced by the nation during wartime. The organization has since evolved and adapted to the shifting dynamics of warfare, continuously enhancing its capabilities to effectively counter evolving threats.
Leadership and Key Figures
Brig. Gen. Mohammad Hassan Habibian, a prominent and seasoned leader, headed the Artesh Counterintelligence Organization for a significant period, at least from 2013 to 2018. His tenure saw a strong focus on the changing landscape of conflict due to technological advancements. Habibian emphasized that Iran’s adversaries had been striving to impede the acquisition of new knowledge and technology by the Islamic Republic. Under his leadership, the organization responded adeptly to these challenges, mitigating threats and ensuring the nation’s continued progress and security.
Technological Advancements and Adversarial Mitigation
The Artesh Counterintelligence Organization has consistently adapted to advancements in technology and the evolving strategies of adversaries. Brig. Gen. Mohammad Hassan Habibian has underscored how technology has fundamentally altered the nature of conflict, and adversaries have attempted to leverage this to hinder Iran’s progress. However, through vigilant efforts and strategic responses, the organization has effectively mitigated these threats, showcasing its adaptability and resilience.
8- Law Enforcement Command (LEC) Intelligence Organization
The Law Enforcement Command (LEC) Intelligence Organization operates as an essential component within Iran’s national policing structure, primarily focusing on maintaining public order and security. This section elaborates on the core functions, mission, and significance of LEC’s intelligence unit in preserving public order and safety within the nation.
Mission and Core Functions
The primary mission of the Law Enforcement Command (LEC) Intelligence Organization revolves around ensuring public order and security within Iran. It specifically emphasizes addressing typical policing issues that pertain to the well-being and safety of the public. The intelligence unit works diligently to monitor, analyze, and respond to various situations that may pose a threat to public peace, ensuring a safe environment for the citizens.
Preserving Public Order and Security
The core function of the LEC Intelligence Organization centers on preserving public order and security. The intelligence unit works in close collaboration with the broader Law Enforcement Command to identify potential threats, analyze criminal activities, and develop strategies to mitigate risks. By proactively addressing policing concerns, such as crime prevention, traffic management, and public safety measures, the LEC Intelligence Organization contributes significantly to maintaining a sense of order and tranquility in Iranian society.
Collaborative Efforts for Effective Policing
The LEC Intelligence Organization operates in tandem with various other divisions within the Law Enforcement Command. Through collaborative efforts and integrated intelligence sharing, the organization optimizes its capabilities to address a diverse range of policing issues effectively. By fostering a cohesive and cooperative environment, the intelligence unit enhances its ability to assess situations accurately and devise appropriate responses to emerging challenges.
Adherence to Public Safety Protocols
Adhering to established public safety protocols is a fundamental aspect of the LEC Intelligence Organization’s operations. By following stringent guidelines and protocols, the organization ensures that its intelligence-gathering activities are conducted in a manner that upholds the rule of law, protects citizens’ rights, and contributes to a safe and secure living environment for all.
Budget and Resources
Iran’s commitment to security and order is reflected in its budget allocation. The 2022 budget bill saw a significant allotment of more than 54.8 trillion tomans (approximately $13 billion USD) for “maintaining public order and security,” showcasing the nation’s priority in safeguarding its interests. Notably, the IRGC, which encompasses the IRGC-IO, received a substantial budget, underlining its importance within the broader intelligence landscape.
In conclusion, the intelligence agencies in Iran form a critical network tasked with ensuring national security, both within the country and beyond its borders. Through collaboration and specialized focuses, these agencies contribute significantly to Iran’s strategic interests and policy objectives. Understanding this intricate intelligence framework is pivotal for comprehending Iran’s stance on regional and international affairs.