Altoufan
Altoufan Team is an Iran-aligned threat group described in the content as linked to the IRGC (Islamic Revolutionary Guard Corps). It is also referred to as ALTOUFAN TEAM. The group appeared early in monitored Telegram-channel activity during the regional conflict and published hostile statements against Israel. Reporting cited in the content identifies it as one of several Iran-aligned groups active in the campaign, alongside 313 Team, DieNet, Fatimion Cyber Team, and Fad Team, and notes that these groups frequently amplified one another’s claims across messaging channels. The group’s early activity was associated with claimed distributed denial-of-service attacks against targets in Kuwait and Israel, consistent with the broader pattern of short-lived, publicity-oriented hacktivist disruptions described in the reporting. The content also states that Altoufan Team targeted Bahrain, including in messaging intended to attach the U.S. ally to antisemitic narratives and provoke hate. In a later escalation, the group claimed website compromises involving Bahrainusa.com, Navymwrbahrain.com, and Scagroup.net, framing them as symbols of U.S. military and diplomatic presence in Bahrain and the Gulf. The content further attributes to Altoufan Team claims of compromise of SCADA-related environments, indicating a shift from DDoS activity toward industrial-control-system targeting. Specifically, it says the group claimed penetration of the Jordan Silos and Supply General Company and manipulation of silo temperature, power, cooling, and surveillance systems. These are presented in the source material as claims made by the group.
Know when an actor pivots toward your sector
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
- Telecommunication Services
- Banks
- Transportation
- Public Safety
- Energy
Where they target
Geographies tied to known operations.
- 🇦🇪 United Arab Emirates
- 🇧🇭 Bahrain
- 🇮🇱 Israel
- 🇯🇴 Jordan
- 🇺🇸 United States
- 🇸🇦 Saudi Arabia
- 🇶🇦 Qatar
Where they're from
Attributed origin per open-source reporting.
- IR
Tradecraft
1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
Recent activity
3 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Iran-aligned hacktivist group involved in Gulf cyber campaign activity, especially through coordinated messaging, disruption claims, and broader intrusion narratives.
IRGC-linked pro-Iranian group conducting early retaliatory operations, including DDoS, website compromise claims, and later claimed intrusions into SCADA/industrial control environments in Jordan and against U.S./Israeli-linked regional targets.
Group targeting Bahrain as part of influence and social-polarization operations tied to antisemitic messaging and provocation.
The version that knows your environment.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.