Sunday, January 18, 2026

Global Airlines Targeted by Iranian Cyber Attackers to Steal Critical Data

A massive data breach has reportedly exposed an Iranian cybersecurity firm’s alleged role in state-sponsored cyber espionage operations targeting major international airlines and freight companies worldwide.

The leaked documents suggest that Amnban, officially known as Sharif Advanced Technologies, served as a front for Iran’s intelligence services while conducting systematic attacks on aviation infrastructure.

State-Sponsored Digital Warfare Operations

According to the leaked files, Amnban operated under the guise of legitimate penetration testing and security consulting while allegedly conducting Cyber Network Exploitation (CNE) operations for Iran’s Ministry of Intelligence and Security (MOIS).

The company, founded in 2018 by graduates from prestigious Iranian universities, reportedly maintained connections to APT39 (also known as Chafer), a notorious hacking group previously linked to Iranian intelligence operations.

The breach allegedly revealed that Amnban’s CEO, Behnam Amiri, had direct ties to APT39 operations.

At the same time, the company employed Ali Kamali, a hacker sanctioned by the FBI in 2020 for attacks on American infrastructure.

Intelligence documents suggest that Hamed Mashayekhi, identified as a MOIS operative, maintained regular access to Amnban’s facilities, indicating direct government oversight of the operation.

Technical analysis of the leaked data reveals sophisticated targeting methodologies designed for both intelligence gathering and potential infrastructure disruption.

The operations allegedly employed advanced persistent threat techniques to maintain long-term access to airline systems, enabling continuous data harvesting and reconnaissance activities.

Extensive Target Portfolio Spanning Multiple Continents

The leaked reconnaissance reports allegedly document systematic targeting of over a dozen major carriers, including Royal Jordanian, Turkish Airlines, Wizz Air, Emirates, Qatar Airways, Etihad, and Rwanda Airlines.

The operation’s scope reportedly extended beyond passenger airlines to include major freight companies such as FedEx, USPS, and DHL, suggesting broader logistical intelligence objectives.

Geographic analysis of the targets reveals a pattern encompassing both allied and adversarial nations from Iran’s perspective, indicating comprehensive intelligence collection rather than selective targeting.

The documents allegedly show detailed technical reconnaissance of each target’s digital infrastructure, suggesting preparation for potential Cyber Network Attack (CNA) capabilities.

Implications for Global Aviation Security

The alleged breach highlights vulnerabilities in the aviation sector’s cybersecurity ecosystem, particularly with regard to third-party security contractors.

If verified, these operations would represent a significant escalation in state-sponsored cyber espionage targeting civilian transportation infrastructure.

Aviation security experts note that passenger data, flight manifests, and operational systems represent high-value intelligence assets for foreign governments.

The alleged systematic nature of these operations suggests long-term strategic objectives beyond simple data theft, potentially enabling future disruption capabilities against critical transportation networks during periods of geopolitical tension.

The revelations underscore the growing intersection between cybersecurity consulting and state-sponsored espionage, highlighting the need for enhanced vetting procedures for security contractors handling sensitive aviation infrastructure.
