Researchers at Lab52 have uncovered a sophisticated operational technology (OT) framework marketed on the dark web, described as a comprehensive toolkit for industrial control system exploitation aimed at disrupting energy grids and military networks. Promoted by a group calling itself “APT IRAN” and described as the “most extensive industrial and military control network framework to date”, the offering raises concerns about the ease with which such capabilities could be used to cause physical damage to critical infrastructure.
The framework, found on a Tor-accessible platform known as the “Black Market Cartel”, advertises features for precise manipulation of power distribution systems, including selective circuit control, load balancing disruption, and equipment stress testing. It targets standard industrial protocols such as IEC 61850 and IEC 61970, which would give attackers granular control over the physical grid.
Lab52 notes links between the “APT IRAN” channel and the Islamic Revolutionary Guard Corps (IRGC), and states that this points to a more sophisticated threat than previously expected. The report raises the question of whether the tool is a functional weapon or a decoy; the removal of its sale page and the detailed descriptions suggest an intent more serious than a mere scam.
According to Lab52, the timing, descriptions, and protocol targeting imply a genuine capability, underscoring concerns for critical infrastructure security.