IRGC
The Islamic Revolutionary Guard Corps (IRGC) is an Iranian state military and intelligence organization referenced in the content as a threat actor spanning physical, cyber, financial, propaganda, and maritime activity. Known aliases in the provided content include Iranian Revolutionary Guards and IRGC. The content also specifically mentions the IRGC's Quds Force. Based on the provided material, the IRGC has been linked to recruitment and incitement of overseas threat actors for targeted attacks and assassinations against high-profile U.S. politicians and Iranian dissidents on U.S. soil.

In cyber and influence operations, the content links the IRGC to phishing targeting individuals abroad involved in Iran-related activities, including WhatsApp users; exploitation of PLCs in multiple sectors, including U.S. water and wastewater systems facilities; and activity targeting or abusing commercial messaging platforms. The content also describes IRGC online propaganda, recruitment, and fundraising infrastructure across social media, streaming services, blogs, and standalone websites, including multilingual content, AI-generated videos, and cryptocurrency use to sustain and amplify operations.

Financially, the IRGC is described as using cryptocurrency-linked networks and counterparties associated with sanctions evasion and illicit trade. The content states that A7-linked infrastructure had exposure to the IRGC and that one A7 address received more than USD 65 million in direct transfers from an address attributed to the IRGC. The IRGC Quds Force is also referenced in connection with cryptocurrency purchases tied to Iranian oil sales and financial support pipelines involving proxies.

The content repeatedly associates the IRGC with maritime coercion and kinetic operations in and around the Strait of Hormuz and Gulf waters. Reported behavior includes control of transit corridors near Larak Island, permission-based transit regimes, direct VHF warnings to merchant vessels, deployment of high-speed craft and gunboats, drone strikes, firing on commercial vessels, vessel seizure, and broader escalation from deterrence and warning to direct engagement. Multiple incidents in the content attribute attacks or threats against commercial shipping and port infrastructure to the IRGC, including strikes on vessels such as MSC ISHYKA and SANMAR HERALD, harassment of shipping, and attacks affecting regional energy and maritime infrastructure.

The content also describes IRGC threats and strikes against regional technology infrastructure and companies. It states that the IRGC threatened major U.S. technology and finance companies' Middle Eastern facilities as legitimate targets, and that IRGC-linked or IRGC-attributed strikes affected AWS sites in the Middle East. Additional reporting in the content references threats against energy, power, information, and telecommunications infrastructure.

Geographically, the content places IRGC activity in Iran, the Gulf and Strait of Hormuz, the United States, Europe, and Latin America. In Latin America, the content states that the IRGC, particularly through its Quds Force, has been expanding its presence and cooperating with local criminal networks such as drug cartels to fund operations. The content also links the IRGC to aligned or proxy ecosystems including Hezbollah, Ansar Allah/Houthis, Hamas, PIJ, and HAYI in the context of online content tracing and financial facilitation.
Targeting
Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.
Who they target
Sectors the actor has been observed targeting.
- Government & Administration
Where they target
Geographies tied to known operations.
- 🇺🇸 United States
Where they're from
Attributed origin per open-source reporting.
- IR
- US
Tradecraft
28 distinct MITRE ATT&CK techniques observed across reporting, grouped by tactic, each with its supporting evidence excerpt.
Observables
73 indicators attributed to this actor: domains, IPs, hashes, and other artifacts pulled from reporting.
Recent activity
20 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Linked to A7 through direct cryptocurrency transfers and broader sanctioned financial facilitation tied to Iranian oil sales and regional proxy support.
Iranian military/security force activity in and around the Strait of Hormuz, including a reported drone strike, persistent small-craft presence, and possible boarding-preparation activity near a commercial vessel.
Uses online platforms to spread propaganda, recruit supporters, raise funds, disseminate multilingual extremist content, leverage hosting providers across multiple jurisdictions, and use cryptocurrency transactions to sustain and amplify online operations.
Conducting coercive maritime control operations in and around the Strait of Hormuz, including VHF transit warnings, fast craft deployments, detention/interception of vessels, and enforcement activity amid GPS/AIS disruption and attacks affecting commercial shipping and energy infrastructure.