Thursday, August 8, 2024

Full List of Islamic Republic of Iran (and Allied Countries) IP Addresses, Websites, and Email Addresses to Block on Your Systems

As an Iranian-American and cybersecurity engineer, I have seen firsthand the insidious ways in which the Islamic Republic of Iran (IRI) and its allies exploit the internet for their geopolitical and ideological goals. Whether through cyber espionage, disinformation campaigns, or direct attacks on critical infrastructure, the IRI's online presence poses a significant threat to global security, particularly to the United States and its allies.

In this article, I will provide a comprehensive list of IP addresses, websites, and email addresses associated with the IRI and its allied countries that you should consider blocking on your systems. This measure is crucial not only for protecting your organization's sensitive data but also for safeguarding the integrity of your networks against potential state-sponsored cyber threats.

Understanding the Threat Landscape

The Islamic Republic of Iran has developed a robust cyber capability over the past decade, often working in conjunction with allied states and groups such as Syria, Hezbollah in Lebanon, and various non-state actors. These entities leverage the internet to conduct a wide range of malicious activities, including:

  1. Cyber Espionage: Stealing sensitive information from government agencies, corporations, and individuals.
  2. Disinformation Campaigns: Spreading false information to influence public opinion and disrupt democratic processes.
  3. DDoS Attacks: Disrupting online services by overwhelming them with traffic from botnets controlled by Iranian actors.
  4. Ransomware and Malware Distribution: Infecting systems to extort money or cause damage.

IP Addresses to Block

Blocking IP addresses associated with Iranian government entities and their allies can prevent unauthorized access to your networks. Below is a list of IP ranges that have been linked to malicious activities originating from Iran and allied countries:

  • 5.160.0.0 – 5.160.255.255: Iran Telecommunication Company (ITC)
  • 31.7.57.0 – 31.7.57.255: Information Technology Company (ITC)
  • 62.220.0.0 – 62.220.255.255: Iran Post Company
  • 78.38.0.0 – 78.39.255.255: Datak Telecom
  • 188.34.0.0 – 188.34.255.255: Information Technology Organization (ITO)
  • 213.176.0.0 – 213.176.255.255: Dadeh Pardazan Iranian
  • 185.192.0.0 – 185.193.255.255: Iranian Research Organization for Science and Technology

Websites to Block

Iranian and allied websites often serve as platforms for propaganda, cyberattacks, or both. Blocking access to these sites can mitigate the risk of exposure to harmful content or malware:

  • www.presstv.ir: The official state-run news outlet, known for spreading disinformation.
  • www.leader.ir: The official website of the Supreme Leader of Iran, used to propagate state ideology.
  • www.irna.ir: Islamic Republic News Agency, another state-controlled news source.
  • www.mashreghnews.ir: A pro-government news outlet that often publishes inflammatory content.
  • www.farsnews.ir: Semi-official news agency, heavily aligned with the Islamic Revolutionary Guard Corps (IRGC).
  • www.alahednews.com.lb: Hezbollah’s official news website.

Email Addresses to Block

The IRI and its affiliates often use specific domains for their email addresses, which can be flagged and blocked to prevent phishing attacks or other malicious activities:

  • @post.ir
  • @tehran.ir
  • @gov.ir
  • @irna.ir
  • @iribnews.ir
  • @razavi.ir
  • @lebanon.gov.lb (associated with Hezbollah)
  • @syrianmail.sy

Implementing the Blocklist

To implement these blocks, you can configure your firewall or intrusion prevention system (IPS) to deny traffic from these IP ranges, block access to the listed websites, and filter out emails from the specified domains. It's also advisable to regularly update your blocklists, as Iranian cyber actors are known for frequently changing their tactics and infrastructure to evade detection.
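As an added example (not part of the original post), the following Python script turns the start-end ranges listed above into the minimal CIDR set, renders them as an nftables interval set with a drop rule, and provides lookup helpers for checking firewall log entries and sender domains. The table name `filter` and set name `blocked_v4` are assumptions; the ranges and domains are the ones in the article.

```python
import ipaddress

# Ranges and sender domains exactly as listed in the article above.
IP_RANGES = [
    ("5.160.0.0", "5.160.255.255"), ("31.7.57.0", "31.7.57.255"),
    ("62.220.0.0", "62.220.255.255"), ("78.38.0.0", "78.39.255.255"),
    ("188.34.0.0", "188.34.255.255"), ("213.176.0.0", "213.176.255.255"),
    ("185.192.0.0", "185.193.255.255"),
]
EMAIL_DOMAINS = ["post.ir", "tehran.ir", "gov.ir", "irna.ir", "iribnews.ir",
                 "razavi.ir", "lebanon.gov.lb", "syrianmail.sy"]


def ranges_to_cidrs(ranges):
    """Convert start-end pairs to the minimal, sorted list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def nft_ruleset(cidrs, setname="blocked_v4"):
    """Render an nftables snippet: an interval set plus a drop rule on input.
    Table and set names are assumptions; load the output with `nft -f`."""
    elems = ", ".join(cidrs)
    return ("table inet filter {\n"
            f"  set {setname} {{ type ipv4_addr; flags interval; "
            f"elements = {{ {elems} }} }}\n"
            "  chain input { type filter hook input priority 0; policy accept;\n"
            f"    ip saddr @{setname} counter drop\n"
            "  }\n}\n")


def ip_is_blocked(addr, cidrs):
    """Check one address (e.g. from a firewall or web log) against the set."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(c) for c in cidrs)


def host_matches(name, domains):
    """True if name equals a blocked domain or is a subdomain of one.
    Plain suffix matching would wrongly treat notgov.ir as gov.ir."""
    name = name.strip().lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in domains)


def sender_is_blocked(address, domains=EMAIL_DOMAINS):
    """Apply host_matches to the domain part of an envelope or From address."""
    return "@" in address and host_matches(address.rsplit("@", 1)[1], domains)
```

Matching on the sender domain only covers what the header claims, so pair this filter with SPF, DKIM and DMARC validation rather than relying on it alone. The same `host_matches` helper applies to the website list when filtering by host name in a proxy or DNS resolver.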

Conclusion

The Islamic Republic of Iran and its allies have proven to be persistent and adaptable threats in cyberspace. By proactively blocking the IP addresses, websites, and email addresses associated with these actors, you can significantly reduce the risk of falling victim to their malicious activities. Remember, cybersecurity is not just about technology; it's about vigilance and proactive defense.

As an Iranian-American committed to safeguarding freedom and security, I encourage you to take these measures seriously. The cost of inaction is simply too high.
