The US State Department has announced a reward of up to $10 million for information on the Iranian hackers behind the IOControl malware, a tool used against critical US and Israeli infrastructure. The focus is on an individual known as Mr. Soul (or Mr. Soll), who is associated with the Iranian hacking group CyberAv3ngers.
CyberAv3ngers is a group affiliated with the Cyber-Electronic Command of the Islamic Revolutionary Guard Corps of Iran (IRGC-CEC). In 2023-2024, it gained international notoriety for attacks on US and Israeli water companies. According to the State Department, these actions are part of an Iranian cyber campaign against critical systems.
Using IOControl, attackers gained remote control over devices: cameras, routers, firewalls, as well as equipment from brands such as Unitronics, D-Link, Hikvision and Baicells. Claroty analysts confirmed that this malware was even detected in gas station management systems.
IOControl was first mentioned in December 2024, when the US government and private companies recorded a wave of attacks that had all the signs of state interference. The software allowed hackers to move around the internal network, disable systems and steal confidential data. All this is happening against the backdrop of an armed conflict between Israel and Iran, where digital warfare has become part of the real battlefront.
In response to the attacks, the US has already imposed sanctions on six Iranian hackers, but now the search is focused on Mr. Soul, about whom little information is yet available. Meanwhile, Telegram channels CyberAv3ngers are actively publishing details of attacks, showing off hacked objects.
Recent events confirm that cyberattacks are not only about data, but also about people’s lives when it comes to infrastructure: energy, water, transportation. Google analysts are already warning: Iranian cyber operations may go beyond the Middle East, and American objects will again become targets.
