TRJ CYBERSECURITY INTEL REPORT
Category: Nation-State Infrastructure Threat
Features: ICS/SCADA compromise, remote access malware, critical infrastructure targeting, lateral movement
Delivery Method: IOControl malware (customized ICS exploit kit)
Threat Actor: CyberAv3ngers (IRGC-Cyber-Electronic Command affiliated)
Discovery Date
June 13, 2025 — U.S. State Department issues a renewed global bounty for the capture or identification of a known cyber persona: Mr. Soul (aka Mr. Soll) — allegedly linked to the CyberAv3ngers hacking group operating on behalf of the Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).
The bounty? $10 million for actionable intelligence.
The target? A global campaign of cyber sabotage — and the malware strain at the heart of it all: IOControl.
The $10 Million Trace
It starts with a reward. Not for stolen art. Not for a fugitive.
But for a shadow — a cyber ghost named Mr. Soul, known only by a handle and a trail of disruption.
On June 13, 2025, the U.S. State Department did something rare. They broke silence — and protocol — to place a $10 million bounty on an Iranian hacker they believe has been inside America’s infrastructure for months, operating through a known cyberterror unit called CyberAv3ngers.
This isn’t sci-fi. This isn’t theory.
According to the official alert, the group — backed by Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC) — has already compromised water systems, fuel networks, and security layers in both the U.S. and Israel. And they didn’t use missiles. They used IOControl — a malware strain designed to slip into the core of SCADA systems and take control from within.
Not disable. Not damage. Control. What’s worse? They bragged about it — right on Telegram.
Now the hunt is on. The attacks are escalating. And as Israel and Iran trade missiles in the physical world, a digital war is being waged across routers, controllers, and silently blinking panels across America.
Welcome to the IOControl Protocol — where cyberwarfare isn’t coming.
It’s already inside the firewall.
Primary Objective
Disrupt and compromise supervisory control systems (ICS/SCADA) across U.S. and Israeli water utilities, fuel systems, municipal controls, and energy distribution networks. The objective appears two-fold:
- Degrade operational control infrastructure as retaliation for military strikes
- Send a symbolic warning through high-visibility, civilian-targeted disruptions
Malware Profile: IOControl
Name: IOControl
Type: ICS/SCADA-targeting remote access trojan
Control Capabilities: Full remote takeover, lateral movement, network mapping, shadow file deployment, firmware disablement
Targets:
- Water system control panels
- Gas station fuel management
- Cameras, firewalls, and routers (Hikvision, Unitronics, D-Link, Baicells)
- Any unpatched industrial internet-connected tech
Initial Vector: Unknown — likely credential stuffing + hardcoded backdoor reuse
First Public Advisory: Claroty + Armis — December 2024
Attribution and Actor Profile
Group: CyberAv3ngers
Nation-State Affiliation: Islamic Republic of Iran
Command and Control: Believed to operate under IRGC-CEC
Known Platforms: Telegram, Secured IRC hubs, private Git leak dumps
Signature Tactics:
- Defacing Israeli control panels
- Uploading “kill switch” test videos
- Boasting about access to physical systems without immediate execution
- Embedding Arabic and Persian-coded modules in ICS controller environments
Attack Claims and Visual Proof
CyberAv3ngers have posted multiple screenshots and alleged breach logs on Telegram, showing access to gas station management dashboards, water treatment control software, and exposed ICS devices across Israel, New York, and Florida.
Claroty threat teams captured a live sample from a gas station network, with logs showing repeated callback activity from compromised fuel controller units.
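One way a defender could surface this kind of repeated callback in their own egress logs is shown below. It is an added example, not code from Claroty or from this report. The log format, the OT subnet, the addresses and the thresholds are all assumptions.

```python
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed addressing: OT segment with fuel controllers, plus RFC 1918 space.
OT_NET = ipaddress.ip_network("10.20.0.0/24")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed egress log: ISO timestamp, source, destination, dest port.
SAMPLE_LOG = """\
2025-06-13T02:00:00 10.20.0.15 203.0.113.50 443
2025-06-13T02:05:01 10.20.0.15 203.0.113.50 443
2025-06-13T02:10:00 10.20.0.15 203.0.113.50 443
2025-06-13T02:14:59 10.20.0.15 203.0.113.50 443
2025-06-13T02:20:00 10.20.0.15 203.0.113.50 443
2025-06-13T02:01:10 10.20.0.22 198.51.100.7 443
2025-06-13T02:02:40 10.20.0.22 198.51.100.7 443
2025-06-13T02:19:05 10.20.0.22 198.51.100.7 443
2025-06-13T02:03:00 10.20.0.15 10.20.0.1 502
2025-06-13T02:08:00 10.20.0.15 10.20.0.1 502
"""

def find_beacons(log_text, min_events=4, max_cv=0.1):
    """Flag OT-to-external flows whose connection gaps are near-constant."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, dst, port = line.split()
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            key, when = (src, dst, int(port)), datetime.fromisoformat(ts)
        except ValueError:
            continue  # malformed line: wrong field count, bad IP/port/time
        if src_ip not in OT_NET or any(dst_ip in n for n in INTERNAL):
            continue  # only controller-to-outside traffic is of interest
        flows[key].append(when)
    hits = []
    for key, times in flows.items():
        if len(times) < min_events:
            continue  # too few connections to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        # Coefficient of variation: a low value means a machine-like schedule.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((*key, round(mean), len(times)))
    return sorted(hits)
```

Each hit is `(source, destination, port, mean interval in seconds, connection count)`. Controllers that legitimately poll a vendor cloud service will also match, so results need an allowlist review before escalation.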
System Exploits & Affected Vendors
- Unitronics PLCs (Programmable Logic Controllers) — used in wastewater, energy, and manufacturing
- Hikvision IP Cameras — targeted for soft breach entry
- D-Link firewalls and consumer-grade routers — used for pivoting
- Baicells LTE controllers — suspected recon footholds
- Unknown SCADA integrations — zero-days under analysis
State Department Reward Escalation
“We’re offering $10 million for any information leading to the identity, location, or disruption of CyberAv3ngers operatives — especially the persona known as Mr. Soul or Mr. Soll,” the State Department confirmed.
The reward coincides with recent military escalations between Israel and Iran, which saw Israeli missile strikes reportedly killing over 400 Iranian nationals — including nuclear scientists and IRGC cyber operatives.
Expert Warning
John Hultquist, chief analyst at Google’s Threat Intelligence Group (formerly Mandiant), issued a public alert:
“Iranian cyber actors are likely to rededicate themselves to regional attacks and possibly expand targets globally. That includes privately owned U.S. infrastructure, beyond just military or government assets.”
Intelligence Forecast (30 Days)
| Timeline | Threat Escalation |
|---|---|
| Next 7 days | Increased targeting of water utilities and fuel control systems in U.S. swing states (Florida, Pennsylvania, Arizona) |
| 7–14 days | Possible retaliation targeting Israeli telecoms and energy regulators |
| 14–30 days | U.S.-based ICS vendors may experience phishing, DNS-level manipulation, or software backdooring |
TRJ VENDOR WATCHLIST
All vendors should verify firmware update integrity and conduct lateral movement simulations immediately.
- Unitronics (All PLC models)
- D-Link (SOHO and SMB routers)
- Hikvision (All public-facing cams)
- Baicells (Edge LTE controllers)
- Open SCADA (custom builds)

