Ethical Hacking News
Ravin Academy's data breach raises concerns over Iranian cybersecurity capabilities, highlighting the threat posed by state-sponsored cyberattackers and the importance of robust cybersecurity measures. The incident also underscores the effectiveness of international sanctions in curbing Iranian cyberattacks and serves as a reminder of the ongoing threat posed by MuddyWater and other MOIS-linked groups.
Ravin Academy, a state-sponsored cyberattack training ground, suffered a data breach exposing personal information of its associates and students. The breach targeted an online platform hosted by the academy and leaked sensitive data including names, phone numbers, and national ID numbers. The attack aimed to undermine confidence in Iranian security measures and damage the reputation of the academy. The incident raises concerns about the effectiveness of sanctions imposed on organizations affiliated with Iran's intelligence ministry (MOIS). Many of those affected are academics working at Western universities, highlighting the threat posed by Iranian cyberattacks. Ravin Academy's founders are sanctioned by multiple countries for their role in establishing the academy and carrying out attacks carried out by MOIS-linked groups.
Iran's Ravin Academy, a training ground for state-sponsored cyberattackers, has suffered a data breach that exposed personal information of its associates and students. The breach, which occurred in October 2025, targeted one of the online platforms hosted by the academy and resulted in the leak of sensitive data, including names, phone numbers, and national ID numbers.
According to reports, the attack was part of an effort to undermine confidence in Iranian security measures and damage the reputation of the academy. The breach is particularly concerning given the academy's association with Iran's intelligence ministry (MOIS) and its role in recruiting cyber specialists for human rights violations. The incident has also raised questions about the effectiveness of sanctions imposed on organizations affiliated with MOIS, which include Ravin Academy.
The data leaked from Ravin Academy includes names, phone numbers, and Telegram usernames of associates and students, as well as details of classes attended by some individuals. The leak was made publicly available by UK-based Iranian activist Nariman Gharib, who claimed to have received a copy of the stolen data in the form of a spreadsheet.
Researchers have discovered that many of the individuals whose data was leaked are associated with academics, with a significant number working as professors at Western universities. Fewer were linked to computer science and cybersecurity fields, while others worked in adjacent STEM fields such as mechanical engineering, electrical engineering, fluid dynamics, and machine learning.
Ravin Academy's founders, Farzin Karimi Mazlganchai and Seyed Mojtaba Mostafavi, are also sanctioned by the UK, US, and EU for their role in establishing the academy. Both individuals have been credibly tied to attacks carried out by MOIS-linked attack group Yellow Nix/MuddyWater/APT34.
The breach highlights the continued threat posed by Iranian cyberattacks and raises concerns about the effectiveness of international sanctions aimed at curbing these activities. The incident also underscores the importance of robust cybersecurity measures and data protection protocols in high-risk environments.
In related news, Group-IB researchers have reported that MuddyWater, a MOIS-linked group responsible for numerous high-profile attacks, is still active and has been involved in over 100 recent intrusions across government entities in the Middle East and North Africa. This incident serves as a reminder of the ongoing threat posed by Iranian cyberattacks and highlights the need for sustained international cooperation to address these activities.
Related Information:
https://www.ethicalhackingnews.com/articles/Ravin-Academy-Data-Breach-Raises-Concerns-Over-Iranian-Cybersecurity-Capabilities-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/27/breach_iran_ravin_academy/
Published: Mon Oct 27 13:28:29 2025 by llama3.2 3B Q4_K_M
