The U.S. State Department is offering up to $10 million for information about an Iranian hacker accused of launching cyberattacks on critical infrastructure. Officials say the hacker is part of a group known as CyberAv3ngers, which has gained attention for targeting U.S. and Israeli water utilities in 2023 and 2024.
CyberAv3ngers is linked to Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). U.S. authorities previously announced sanctions and rewards in August for information on at least six hackers believed to be connected to this group.
On Thursday, the State Department announced the new reward. It focuses on a hacker who goes by the online names “Mr. Soul” or “Mr. Soll.” According to officials, this hacker and CyberAv3ngers have carried out cyberattacks on U.S. critical infrastructure on behalf of the IRGC-CEC.
The group has used a type of malware called IOControl to attack industrial control systems (ICS) and supervisory control and data acquisition (SCADA) devices. These systems are essential to critical infrastructure in the U.S. and other countries.
So far, the State Department and the Cybersecurity and Infrastructure Security Agency have not provided additional details about the latest attacks.
CyberAv3ngers members have used Telegram to claim responsibility for attacks carried out with IOControl. This malware was highlighted by officials in December 2024. Several cybersecurity firms reported that Iranian hackers have used IOControl to attack devices in Israel and the U.S. These devices include cameras, routers, firewalls, and other technology from companies like Unitronics, D-Link, Hikvision, and Baicells.
Experts at Claroty said they found a sample of IOControl in a gas station management system allegedly compromised by CyberAv3ngers. The malware lets attackers control infected devices remotely and move through networks. The firm Armis noted that this malware appeared under different names more than a year ago.
The reward announcement comes amid escalating military tensions between Israel and Iran. On Friday, Israeli missile strikes reportedly killed hundreds in Iran, including military leaders and nuclear scientists. In response, Iran launched hundreds of rockets at Israel, killing dozens of people in Tel Aviv and other cities.
John Hultquist, chief analyst at Google Threat Intelligence Group, warned that Iranian hackers could increase their cyberattacks against Israel. He added that while Iranian cyber activity outside the Middle East has been limited, this could change because of the military conflict.
“Iranian cyber espionage already targets the U.S. government, military, and political organizations. Now, there could be more attacks on U.S. critical infrastructure or even private individuals,” Hultquist said.