Cyber Analysis Group - CyberAGroup - OSINT Darkweb Investigations  - Insider Threat - Crypto - Online threat & exposure - SOCMINT - Canadian

‹ Back

At the time of this posting, CyberAveng3rs maintains an X (Twitter) account where they boast about cyberattacks against Israel, issue threats, and spread propaganda.

The group gained international notoriety in late 2023 and early 2024 for targeting critical infrastructure that used Israeli-linked technology, most notably compromising Unitronics PLCs at U.S. water facilities, such as the municipal water authority in Aliquippa, Pennsylvania. By 2026, their operations had shifted toward more disruptive capabilities, including the manipulation of Rockwell Automation controllers and human–machine interfaces (HMIs) at American wastewater and energy plants.

CyberAveng3rs (also stylized as CyberAv3ngers) is a cyber persona formally attributed by U.S. and international intelligence agencies to the Islamic Revolutionary Guard Corps (IRGC). Specifically, this persona is a front for the IRGC Cyber-Electronic Command (IRGC-CEC). In February 2024, the U.S. Department of the Treasury sanctioned six senior IRGC-CEC officials for their roles in CyberAveng3rs operations.

How are they still allowed to operate openly on X (Twitter)? They have already lost control of their Telegram channels, a fact they even complain about on X. Is this simply something that has slipped through the cracks, or is their continued presence being tolerated for monitoring and intelligence-gathering purposes despite the serious questions it raises about trade-offs and overall risk?