US Offers $10M Reward to Track Iranian Hackers

The United States has placed a new spotlight on Iranian hackers as officials revealed a reward of up to ten million dollars for any information that could help identify or locate members of the group known as Emennet Pasargad. The announcement marks a significant escalation in the government’s push to curb foreign interference and stop cyber operations that target critical infrastructure. By putting such a high price on the group’s activities, US authorities are signaling how seriously they view this ongoing threat.

The offer arrives about a year after a joint advisory from the United States and Israel detailed the group’s operations under its former identity, Aria Sepehr Ayandehsazan. Since then, investigators have linked the same network to several additional aliases. Over time, it has appeared under names like Ayandeh Sazan Sepehr Arya, Eeleyanet Gostar, and Net Peygard Samavat Company. The US now refers to the operation as Shahid Shushtari, while private sector researchers recognize the attackers as Cotton Sandstorm, Marnanbridge, or Haywire Kitten. These many identities point to a long running effort to obscure operational footprints while continuing to run coordinated cyberattacks across multiple regions.

American officials say they have been tracking the group since 2020. They describe Shahid Shushtari as part of the Cyber Electronic Command inside the Islamic Revolutionary Guard Corps. This detail places the activity directly under a state-controlled organization and shows how cyber operations have become an extension of geopolitical strategy. By linking the threat actors to a military structure, the US is framing the group’s work as more than typical cybercrime. It is treated as a form of state backed influence and disruption.

Investigators say the same network was responsible for attacks linked to the 2024 Summer Olympics as well as incidents involving a US streaming company that delivers IPTV services. The group had also been sanctioned in earlier years for attempts to sway voter opinion during the 2020 presidential election. These events illustrate a pattern of targeting large public moments and digital platforms that influence social perception. Each attack added pressure on security teams already dealing with rising threats from foreign actors.

The US has also identified key individuals behind the operations. Officials named Mohammad Bagher Shirinkar as the leader of Shahid Shushtari. They also revealed that Fatemeh Sedighian Kashi has been employed for years by the group’s front company. Sources say the two maintain a close partnership and work together on planning and executing cyber operations. These details are intended not only to reveal the structure of the organization but also to encourage tipsters to provide information that could help disrupt the group’s leadership.

Authorities believe the attackers are based in Tehran and continue to focus on targets in the United States, Europe, and the Middle East. Their operations have struck several industries over the years, including news outlets, financial organizations, travel and shipping companies, energy firms, and telecommunications providers. The list shows how Iranian hackers often aim at sectors that hold sensitive data or operate essential public infrastructure. When these systems come under attack, even small disruptions can lead to larger economic or safety concerns.

By offering a reward for actionable intelligence, the US hopes to gather leads from security professionals, researchers, or individuals who have direct knowledge of the group’s activity. Officials encouraged anyone with credible information about Shirinkar, Sedighian, Shahid Shushtari, or any related entities to reach out through the Rewards for Justice program. The government emphasized that tipsters can use a Tor based reporting channel, which helps protect the identity of those who come forward.

This new incentive reflects the growing urgency around global cyber threats. The United States sees these hackers as part of a broader pattern in which state aligned groups execute operations that blend espionage, disruption, and influence. Each attack adds weight to the argument that cyber incidents have become one of the fastest moving fronts in national security. As more sectors adopt cloud and digital systems, the potential impact of a coordinated attack becomes even more severe.

Officials are also trying to prevent new influence operations aimed at future elections. They say foreign actors have shown consistent interest in shaping public opinion or eroding trust in democratic systems. By naming Iranian hackers directly and offering financial rewards, officials hope to create barriers that make these influence efforts harder to carry out. The move also sends a clear message that interference in domestic political processes will trigger consequences.

Security researchers say the group’s activity often blends technical attacks with psychological components. Some operations involve breaking into systems, stealing data, and then releasing it in ways designed to mislead audiences or stir political tension. Others focus on taking down services or interrupting operations in critical sectors. These tactics allow a relatively small team of individuals to create broad disruption with limited resources.

The reward program is part of a much larger strategy. The United States continues to strengthen partnerships with international agencies, private cybersecurity firms, and infrastructure operators. These alliances provide more visibility into how groups like Shahid Shushtari operate. They also help governments coordinate faster responses when new threats emerge. As cyber operations evolve, collaboration across borders becomes essential.

Even though Iranian hackers have used many aliases, the pattern of activity remains consistent enough for analysts to track. Each rebrand appears to be an attempt to avoid detection or sanctions. Yet each shift also gives investigators more opportunities to map the group’s behavior and identify its weaknesses. As the United States continues to release public information about these actors, it becomes harder for them to operate without exposure.

The decision to offer such a large reward underscores the stakes. The US is making it clear that it wants to deter future attacks, disrupt current operations, and prevent foreign interference. At the same time, it wants to encourage the cybersecurity community to share intelligence quickly and safely. As long as state backed groups continue to expand their digital reach, these reward programs may become even more common.

The government hopes that by raising awareness and providing financial incentives, it can reduce the operational space available to these hackers. The coming months will show whether the strategy leads to meaningful breakthroughs. For now, the announcement marks one of the strongest signals yet that the United States plans to pursue every lead until the threat is contained.