Threat Actor Characterization

Mohammad Bagher Shirinkar

ID: 7bfa626f1034b6920c71aa859c6996f481556
Cybercrime Cyber Espionage Cybercriminal Hacktivist
Threat types: Intrusion, OT/ICS Disruption
Iran ISR, USA
Updated: 2026-03-21
Created: 2026-03-21
Progress: 72% Completeness: 73% Freshness: 70%
Operation zone: Israel, United States
Aliases
No aliases registered.
MITRE ATT&CK®

Mohammad Bagher Shirinkar is publicly identified as a senior official of Iran's IRGC Cyber-Electronic Command (IRGC-CEC). Open sources also state that he oversees the Shahid Shushtari group and is linked to the wider CyberAv3ngers-associated ecosystem targeting critical infrastructure.


Technique | Technique name | Tactics | Evidence
T1110 | Brute Force | TA0006
  • 2023-12-01 — CyberAv3ngers activity against Unitronics devices relied on weak/default passwords. INFERENCE (confidence: medium): as a senior IRGC-CEC official linked to the same ecosystem, Shirinkar is associated with an operational environment that used credential abuse against exposed systems.
T1078.001 | Default Accounts | TA0001, TA0003, TA0004, TA0005
  • 2023-12-01 — Valid or default account access is consistent with the Unitronics advisory. INFERENCE (confidence: medium): Shirinkar should be linked to this technique only at the cluster/oversight level, not as a directly observed hands-on operator.
T1491.001 | Internal Defacement | TA0040
  • 2023-12-01 — Defacement of Unitronics HMIs with anti-Israel messaging was publicly documented. INFERENCE (confidence: medium): this technique is relevant to the ecosystem surrounding Shirinkar, not individually proven against him.
T1565.001 | Stored Data Manipulation | TA0040
  • 2023-12-01 — The advisory described logic manipulation / malicious changes to operational systems. INFERENCE (confidence: medium): this maps to the wider IRGC-CEC/CyberAv3ngers ecosystem associated with Shirinkar.
T1583.001 | Domains | TA0042
  • 2024-12-10 — Claroty documented attacker-operated domain infrastructure tied to IOCONTROL operations. INFERENCE (confidence: low-medium): Shirinkar's relevance is organizational association with the ecosystem using such infrastructure.
Strategic Intelligence
Last updated: 2026-03-21T03:18:04+00:00
Mohammad Bagher Shirinkar

Classification: TLP:WHITE — Cyber / State-linked / IRGC-CEC-associated official

Author: iQBlack CTI Team


Executive Summary

Mohammad Bagher Shirinkar is publicly identified by U.S. government sources as a senior official of the Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC). Public reporting does not support treating him as a standalone intrusion persona or distinct threat group; rather, he is best assessed as part of the command-enablement and supervisory layer associated with the broader IRGC-CEC cyber ecosystem.


His name appears in sanctions and rewards material tied to malicious cyber activity against critical infrastructure, and in public reporting that links him to the Shahid Shushtari and broader CyberAv3ngers / IRGC-linked ecosystem. That makes him analytically relevant as an institutional node inside an operational cluster that has targeted OT/ICS-adjacent environments, Israeli-made industrial technology, and infrastructure-related sectors.

Executive Analyst Brief for CISO

Executive Analyst Brief for CISO — Mohammad Bagher Shirinkar

Classification: TLP:WHITE

What this is

Mohammad Bagher Shirinkar is publicly identified as a senior IRGC-CEC official linked to malicious cyber activity associated with Iran’s broader CyberAv3ngers / critical-infrastructure targeting ecosystem. He is more accurately profiled as an institutional command-enablement figure than as an individually documented operator.

Why it matters

Profiles like Shirinkar matter becaus

Hunting Playbook

Hunting Playbook — Mohammad Bagher Shirinkar

Priority: Medium-High (cluster-driven / command-enablement profile)

IOC Appendix
Last updated: 2026-03-21T03:20:52+00:00

IOC Appendix — Mohammad Bagher Shirinkar

Scope & Caveats. This appendix is intentionally sparse in hard individual-specific indicators. Mohammad Bagher Shirinkar is best documented as a senior IRGC-CEC official tied to an operational ecosystem rather than as an individually attributed malware author or public-facing operator. As a result, most useful indicators are cluster-level or hunting-oriented, not person-typed blocking indicators.

OSINT Library
Last saved: 2026-03-21T03:21:06+00:00

OSINT Library — Mohammad Bagher Shirinkar


2024-02-02 — U.S. Department of the Treasury — “Treasury Sanctions Actors Responsible for Malicious Cyberattacks on Critical Infrastructure”

Social Media & Communication
SOCMINT integrated: 0/0

No social links registered for this profile.
Reference Images/Associated Evidence

No images found for this threat.