Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Ministry of Energy of I.R.IRAN - وزارت نیرو

Ministry of Energy of I.R.IRAN - وزارت نیرو Vendor Cyber Rating & Cyber Score

moe.gov.ir

Ministry of Energy, is the main organ of the Government in charge of the regulation and implementation of policies applicable to energy, electricity, water and wastewater services. -The ministry consists of five deputies as follows: Deputy for Research and Human Resources Deputy for Planning and Economic Affairs Deputy for Electricity and Energy Deputy for Water and Wastewater Deputy for Support, Legal, and Parliamentary Affairs


MEI A.I CyberSecurity Scoring

MEI
Company Information
Website:http://www.moe.gov.ir/
Employees number:187
Number of followers:1,115
NAICS:211
Industry Type:Oil and Gas
Homepage:moe.gov.ir
MEI Risk Score (AI oriented)
Between 650 and 699
logo
MEIOil and Gas
Updated:
06/05/2026
696/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
MEI Global Score (TPRM)
xxxx
logo
MEIOil and Gas
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

MEI
MEIWeak
Current Score
696B (WEAK)
01000
3 incidents
-24.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
700Before Incident
JUNE 2026
700Before Incident
MAY 2026
696Before Incident
APRIL 2026
696Before Incident
MARCH 2026
714Before Incident
Cyber Attack
01 Mar 2026MEI
BadeSaba: Hackers hit Iranian apps, websites after US-Israeli strikes

Cyber Retaliation Likely as U.S.-Israeli Strikes Trigger Iranian Digital Disruptions

693After Incident
CRITICAL-21
BAD1772389516
Cyber Retaliation Likely as U.S.-Israeli Strikes Trigger Iranian Digital Disruptions On March 1, 2026, a series of cyber operations unfolded alongside joint U.S.-Israeli airstrikes targeting Iran, signaling potential escalation in digital warfare. Cybersecurity experts reported multiple breaches, including the hack of BadeSaba, a widely used Iranian religious app with over 5 million downloads. The app displayed messages urging armed forces to disarm and join civilians, while other compromised news websites broadcast similar calls for accountability. Internet connectivity in Iran experienced sharp drops at 0706 GMT and 1147 GMT, according to Doug Madory of Kentik, with only minimal service remaining. The Jerusalem Post reported cyberattacks on Iranian government and military systems, though Reuters could not independently verify these claims. Security researchers noted the strategic targeting of BadeSaba, as its user base primarily religious and pro-government made it a high-impact platform for psychological operations. Cybersecurity firms warned of impending retaliation, with Sophos’ Rafe Pilling highlighting potential tactics, including amplified data breaches, unsophisticated industrial system compromises, and direct offensive cyber operations. Pro-Iranian hacktivist groups, known for past hack-and-leak campaigns, ransomware, and DDoS attacks, have already issued calls to action, per Halcyon’s Cynthia Kaiser. CrowdStrike observed reconnaissance and DDoS activity from Iranian-aligned actors, while Anomali reported state-backed Iranian groups deploying "wiper" attacks against Israeli targets ahead of the strikes. Despite Iran’s reputation as a cyber threat alongside Russia and China, its past responses to physical attacks have been limited. Following U.S. strikes on Iranian nuclear sites in June, cyber retaliation was minimal, with only a brief disruption in Albania’s capital, Tirana. However, the current escalation suggests a shift toward more aggressive digital countermeasures.
INCIDENT DETAILS -
TYPE
Cyber EspionagePsychological OperationDDoSWiper Attack
MOTIVATION
RetaliationPsychological WarfareDisruption
IMPACT
BadeSaba AppIranian Government SystemsMilitary SystemsNews WebsitesDowntime: Sharp drops in internet connectivity at 0706 GMT and 1147 GMTOperational Impact: Minimal internet service remaining in IranBrand Reputation Impact: High (psychological impact on pro-government users)
FEBRUARY 2026
714Before Incident
JANUARY 2026
739Before Incident
Cyber Attack
01 Jan 2026MEI
Ministry of Justice: MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack

Iranian State-Backed Hackers Masquerade as Ransomware Group in False Flag Attack

711After Incident
CRITICAL-28
IRA1778078883
Iranian State-Backed Hackers Masquerade as Ransomware Group in False Flag Attack In early 2026, cybersecurity firm Rapid7 uncovered a sophisticated ransomware attack attributed to MuddyWater an Iranian state-sponsored hacking group also known as Mango Sandstorm, Seedworm, and Static Kitten. The operation, however, was a false flag, designed to mimic the tactics of the Chaos ransomware-as-a-service (RaaS) group while serving Iranian strategic objectives. The attack began with high-touch social engineering via Microsoft Teams, where threat actors used interactive screen-sharing to harvest credentials and bypass multi-factor authentication (MFA). Unlike typical ransomware campaigns, the group forwent file encryption, instead focusing on data exfiltration and long-term persistence through remote management tools like DWAgent and AnyDesk. MuddyWater’s shift toward off-the-shelf cybercrime tools including CastleRAT and Tsundokere has been documented by multiple security firms, complicating attribution. This tactic aligns with past behavior: in 2020, the group deployed Thanos ransomware via the PowGoop loader in attacks on Israeli organizations, and in 2023, it collaborated with DEV-1084 (linked to the DarkBit persona) to conduct destructive attacks under the guise of ransomware. By October 2025, MuddyWater was observed using Qilin ransomware against an Israeli government hospital, further blurring the line between state-sponsored and criminal activity. The Chaos RaaS group, which emerged in early 2025, employs a double extortion model, combining data theft with threats of DDoS attacks and customer/competitor leaks to pressure victims. As of March 2026, Chaos had claimed 36 victims, primarily in the U.S., targeting sectors like construction, manufacturing, and business services. The group’s tactics include vishing via Teams, impersonating IT support to trick victims into installing Microsoft Quick Assist or other remote access tools. In the attack analyzed by Rapid7, MuddyWater initiated external Teams chat requests, luring employees into screen-sharing sessions. Once inside, the threat actors conducted reconnaissance, accessed VPN configurations, and deployed AnyDesk for persistence. They also used RDP to download a malicious executable (ms_upd.exe) from a command-and-control (C2) server, triggering a multi-stage infection chain that delivered a custom remote access trojan (RAT) disguised as a Microsoft WebView2 application. The malware game.exe (Darkcomp) connected to a C2 server every 60 seconds, enabling command execution, file operations, and PowerShell script deployment. The attack’s link to MuddyWater was confirmed through a code-signing certificate attributed to "Donald Gay", previously used to sign other malware, including the CastleLoader downloader (Fakeset). The incident underscores the growing convergence of state-sponsored and cybercriminal tactics, with threat actors leveraging RaaS frameworks to obscure attribution and delay defensive responses. The absence of file encryption despite Chaos ransomware artifacts suggests the ransomware component was used primarily for obfuscation, not financial gain. Meanwhile, Iranian-linked cyber operations continue to escalate. Security firm Hunt.io revealed an Omani government breach, where attackers exfiltrated 26,000 Ministry of Justice records, judicial case data, and registry hives from an open directory on a UAE-based VPS. Pro-Iran hacktivist group Handala Hack also claimed attacks on U.S. Navy personnel and the Port of Fujairah, leaking 11,000 sensitive documents including shipping records and customs data potentially enabling physical targeting by Iranian forces. Check Point Research noted that these campaigns reflect a shift from intelligence gathering to kinetic impact, with cyber operations now directly supporting military objectives. The pattern suggests that periods of relative quiet in physical conflicts are followed by intensified cyber activity, marking the most serious escalation to date.
INCIDENT DETAILS -
TYPE
ransomwarefalse flagstate-sponsored
MOTIVATION
strategic objectivesdata exfiltrationlong-term persistenceobfuscation of attribution
IMPACT
VPN configurationsremote access toolscommand-and-control serversreconnaissancepersistence establishmentdata exfiltration
DATA BREACH
judicial case dataregistry hivessensitive documentsshipping recordscustoms datapersonnel records26,000 (Omani Ministry of Justice)11,000 (Port of Fujairah, U.S. Navy)Sensitivity Of Data: high
DECEMBER 2025
739Before Incident
NOVEMBER 2025
738Before Incident
OCTOBER 2025
738Before Incident
SEPTEMBER 2025
737Before Incident
AUGUST 2025
737Before Incident
JUNE 2025
746Before Incident
Cyber Attack
18 Jun 2025MEI
Ministry of Economic Affairs and Finance: Israel-Iran Conflict Sparks Wider Cyber Conflict, New Malware

Cyber Conflict Escalation in Middle East: Israel-Iran Hacktivism Surge

735After Incident
CRITICAL-11
IRA1767601584
Escalating Cyber Conflict in the Middle East as Israel-Iran Tensions Fuel Hacktivist Surge The June 13 Israeli strikes on Iranian nuclear and military targets have triggered a sharp escalation in cyber warfare across the Middle East, with hacktivist groups launching a wave of attacks targeting Israel and regional allies. Between June 13 and 17, threat intelligence firm Cyble documented cyber operations by 74 hacktivist groups, over 90% of which are pro-Iran, focusing primarily on Israeli infrastructure while also striking entities in Egypt, Jordan, the UAE, Pakistan, and Saudi Arabia. ### Targets and Tactics Israel bore the brunt of the attacks, with government, defense, media, telecom, finance, education, and emergency services sectors hit by DDoS attacks, website defacements, unauthorized access, data breaches, and ransomware/wiper malware campaigns. Notable incidents included: - Five ransomware/extortion attacks by Handala Group against Israeli media, telecom, construction, education, and chemical/energy organizations, with data samples leaked in two cases. - A ransomware/wiper executable ("encryption.exe") attributed to the previously unknown Anon-g Fox, which checks for Israel Standard Time (IST) and Hebrew language settings before executing—terminating if conditions aren’t met. - A banking malware campaign (IRATA) targeting 50+ Iranian financial and crypto apps, impersonating government entities like the Judicial System of Iran and the Ministry of Economic Affairs. The malware steals credentials, account balances, and card data while remotely controlling infected devices. Other documented attacks included 34 DDoS incidents, five defacements, two data breaches, and four credential leaks, with groups like Anonymous Guys, Arabian Ghosts, and GhostSec actively participating. Hashtags such as #OpIsrael, #FreePalestine, and #SupportIran dominated the campaigns, reflecting ideological alignment with pro-Palestinian and pro-Iranian narratives. ### Information Warfare and Psychological Tactics Beyond technical attacks, hacktivist groups leveraged Telegram channels to amplify geopolitical messaging, reposting claims from allied collectives to project decentralized coordination. Content streams featured pro-Iranian and pro-Palestinian propaganda, including missile strike footage and graphic images of Iranian casualties, blurring the line between cyber operations and psychological warfare. ### Regional Spillover and Broader Implications The conflict’s cyber dimension has extended beyond Israel and Iran, with Egypt, Jordan, Saudi Arabia, and the UAE facing collateral attacks. The U.S. had previously linked CyberAv3ngers (Mr. Soul), an IRGC-affiliated threat actor, to critical infrastructure attacks, underscoring the global reach of state-aligned hacktivism. As hacktivist groups exploit geopolitical tensions to advance ideological agendas, the surge in ransomware, wipers, and banking malware signals a shift toward more disruptive and financially motivated tactics in the region’s cyber landscape.
INCIDENT DETAILS -
TYPE
DDoSWebsite DefacementUnauthorized AccessData BreachRansomwareWiper MalwareBanking Malware
MOTIVATION
GeopoliticalPro-PalestinianPro-IranianAnti-WesternIdeological
IMPACT
Data Compromised: Banking and cryptocurrency data, personally identifiable information, credentialsGovernmentDefenseMediaTelecomFinanceEducationEmergency servicesCryptocurrency exchangesChemical/EnergyOperational Impact: Disruption of services, unauthorized access, data exfiltrationBrand Reputation Impact: Significant (defacements, data leaks, ransomware claims)Identity Theft Risk: High (banking data, PII exposed)Payment Information Risk: High (card data, bank account details harvested)
DATA BREACH
Banking dataCryptocurrency dataPersonally identifiable informationCredentialsCard dataSensitivity Of Data: High (financial, PII, government-related)Data Exfiltration: Yes (claimed by Handala Group)Data Encryption: Yes (ransomware/wiper malware)Personally Identifiable Information: Yes (bank account numbers, balances, card data)

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for MEI ?
?
What was MEI's A.I Rankiteo Cyber Score in June 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in May 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in April 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in March 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in February 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in January 2026 ?
?
What was MEI's A.I Rankiteo Cyber Score in December 2025 ?
?
What was MEI's A.I Rankiteo Cyber Score in November 2025 ?
?
What was MEI's A.I Rankiteo Cyber Score in October 2025 ?
?
What was MEI's A.I Rankiteo Cyber Score in September 2025 ?
?
What was MEI's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on MEI's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with MEI ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view MEI's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?