Cyberattack on Iranian company reveals military deal with Russia

Cyberattack on Iranian firm exposes $1.9 billion military deal with Russia involving UAVs, raising concerns about sanctions evasion and potential Wagner Group involvement.

A cyberattack by a group identified as PRANA has allegedly revealed a significant military agreement between Iran and Russia, centered on the transfer of Iranian-made Shahed-model unmanned aerial vehicles (UAVs). The breach, which targeted the servers of Sahara Thunder, a shell company operated by Iran’s Revolutionary Guards, exposed more than 10 gigabytes of data, potentially impacting regional security and raising concerns about sanctions evasion.

Sahara Thunder, disguised as a heavy industry company, serves as the procurement arm for Iran’s Ministry of Defense and facilitates oil sales, circumventing US-imposed embargoes. PRANA claims to have accessed sensitive intelligence, including technological data on Shahed UAVs, transportation methods utilizing Russia’s Alabuga Special Economic Zone, and extensive economic information regarding the company’s structure and operational cover.


The most striking revelation pertains to a 2022 deal involving the transfer of a production line and the license to manufacture 6,000 Shahed UAVs over two and a half years for $1.75 billion. Negotiations reportedly lowered the per-unit price from $375,000 to $290,000 for the bulk purchase. Further, the data suggests the sale of Shahed 136 models to Russia in 2023 for $48,800 apiece, amounting to roughly $165 million, including production line upgrades and knowledge transfer.

Interestingly, a portion of the Russian payment allegedly involved 2,070 kilograms of gold, valued at nearly $135 million, potentially originating from Africa, where the Wagner Group, a Russian paramilitary organization, operates in gold and mineral extraction. Companies based in the United Arab Emirates are said to have facilitated the financial transactions between the two countries.

Beyond the data theft, PRANA reportedly wiped clean the Iranian company’s email servers, further emphasizing the severity of the attack. While the group’s motivations and true identity remain shrouded in secrecy, the exposed information carries considerable weight.