A trove of documents, images, and videos from the offices of Iranian President Ebrahim Raisi has been posted online, according to cybersecurity experts. The leaked materials, shared by a group called “GhyamSarnegouni,” include diplomatic correspondence, floor plans of government offices, and detailed network topologies.
While some of the information confirms known activities, the breach is considered embarrassing for the Iranian government. The documents also reportedly contain internal information on nuclear expansion.
The authenticity of the hack has been confirmed by cybersecurity experts, who stated that the leaked files appear legitimate and may have been obtained by someone with insider access.
Although the information exposed is not considered highly critical, floor plans and technical details could be of concern. The timing of the breach, occurring alongside progress on nuclear issues, raises questions about the frequency of major leaks during such negotiations.
The group responsible for the attack, GhyamSarnegouni, is an anti-Iranian government group that emerged on Telegram in early 2022. Their messaging aligns with the Iranian opposition group Mojahedin-e Khalq (MEK), indicating a possible affiliation. The hackers claimed to have gained control of servers, computers, and security footage associated with the president’s office and other government leaders.
They also alleged access to classified internal communications, including encrypted messages and tens of thousands of classified documents.
GhyamSarnegouni previously claimed to have hacked Iranian foreign ministry servers, and another group called Black Reward took credit for the hack-and-leak of emails related to Iran’s nuclear program.
The extent of the leaked data has prompted experts to remark that the Iranian regime has become the first dictatorship to become open-source, as the leaked materials provide unprecedented insight into the government’s operations.
