A data leak exposed the personal details of over 1,000 individuals linked to Ravin Academy, an Iranian cyber institute tied to state-backed hacking group APT34 (MuddyWater/OilRig). The breach, published by activist Nariman Gharib, included names, national ID numbers, phone numbers, Telegram usernames, and other sensitive information—many belonging to scientists, engineers, and academics potentially unaware of their association with Iran’s Ministry of Intelligence and Security (MOIS). The leak occurred during Ravin’s Technology Olympiad, a state-backed event, and was framed by Iranian officials as a foreign attack to undermine national security.The exposed records reveal Ravin’s role as a recruitment pipeline for offensive cyber operations, with evidence linking it to exploits (e.g., CVE-2020-0688, CVE-2020-1472) later used by APT34. The breach raises ethical concerns about unwitting civilian involvement in state-sponsored cyber warfare and risks of academic/industrial espionage under the guise of collaboration. Western experts warn of reputational damage to global universities and tech firms partnered with such institutions, though Iran’s cyber ambitions are unlikely to be deterred. The incident aligns with Iran’s history of high-profile attacks, including those on Israeli critical infrastructure and multinational corporations.

Ravin Academy, an Iranian state-sponsored institution established in 2019 to train cybersecurity specialists for Iran’s Ministry of Intelligence (MOIS), suffered a data breach exposing sensitive personal information of its associates and students. The leaked data—confirmed by the academy—includes names, phone numbers, Telegram usernames, and national ID numbers of participants, some of whom are academics affiliated with Western universities. Additional non-public details, such as class attendance records, were also compromised but not fully disclosed. The breach was publicly exposed by UK-based activist Nariman Gharib, who published the data online, further damaging the academy’s reputation and Iran’s cybersecurity standing.The attack targeted an online platform hosted by Ravin, with the timing suggesting an intent to undermine confidence in Iranian security. The academy, already sanctioned by the UK, US, and EU for ties to MOIS-linked cyber groups like MuddyWater/APT34, faces heightened scrutiny. The leaked data reveals connections between Ravin’s founders (Farzin Karimi Mazlganchai and Seyed Mojtaba Mostafavi) and state-sponsored cyber operations, reinforcing concerns over Iran’s cyber warfare capabilities. The breach not only risks operational security for MOIS but also exposes individuals—including professors in STEM fields—to potential retaliation or espionage risks.Given Ravin’s role in training cyber operatives for geopolitical attacks (e.g., Albania’s 2022 infrastructure disruption), the breach could compromise future MOIS operations and deter recruitment, while emboldening adversaries targeting Iran’s cyber programs.