The Leader of CharmingKitten
Heading the CharmingKitten operation is Abbas Rahrovi, also known by the alias Abbas Hosseini.Abbas Rahrovi
National Number: 4270844116Role: IRGC official and director of CharmingKitten APT operationsStatus: Operating as a “shadow man” through front companies
Operational Structure
Abbas Rahrovi has established several front companies in recent years through which he manages the APT operations. These companies provide:- Operational cover for cyber espionage activities
- Financial infrastructure for the organization
- Legal protection under Iranian corporate law
- Recruitment channels for cyber operators
Attack Campaigns Directed
Over the years, Abbas Rahrovi has directed attacks against dozens of high-value targets:Target Categories
Telecommunications
Strategic infrastructure providing surveillance and intelligence gathering capabilities.
Aviation Industry
Airlines and aviation companies across the Middle East and Gulf region.
Intelligence Services
Counter-intelligence operations against regional security organizations.
Additional Sectors
Various other high-value targets supporting IRGC intelligence objectives.
Geographic Focus
Rahrovi’s operations have primarily focused on:- Turkey - Ongoing operations against government and corporate targets
- United Arab Emirates - Extensive targeting of UAE entities
- Qatar - Intelligence gathering operations
- Afghanistan - Regional intelligence collection
- Israel - Cyber espionage campaigns
- Jordan - Targeting government and security services
- Other Middle East and Gulf countries
Command Structure
Abbas Rahrovi operates within a clear chain of command:Targeting of Iranian Dissidents
Under the guidance of the head of the Counterintelligence Division, Rahrovi’s APT has also targeted and tracked:Iranian Citizens Within Iran
Iranian Citizens Within Iran
Individuals identified by the regime as potential threats or opponents within Iran’s borders.
Iranian Exiles Abroad
Iranian Exiles Abroad
Iranians living abroad who have been labeled as “regime opponents” by IRGC intelligence.
This targeting demonstrates the dual mission of the Counterintelligence Division: both international espionage and domestic/diaspora surveillance operations.
The Shadow Man Exposed
Operating in the Shadows
Abbas Rahrovi believed he was operating under the protective cover of the IRGC, using front companies and aliases to hide his identity.
Public Exposure
Through this exposure, Rahrovi and his network are now recognized worldwide as agents of the IRGC engaged in state-sponsored cyber espionage.
Front Companies Network
Rahrovi established multiple front companies to:- Provide operational cover for cyber activities
- Recruit technical personnel without revealing IRGC connections
- Manage financial flows for the APT operations
- Acquire infrastructure including servers and domains
- Create legal barriers to international investigation
Future episodes will reveal additional details about specific front companies, their structures, and how they facilitated CharmingKitten’s operations.
Impact of Exposure
The public identification of Abbas Rahrovi has several significant consequences:- Attribution certainty - Direct link between attacks and IRGC leadership
- Operational disruption - Compromised infrastructure and methods
- International pressure - Evidence for sanctions and diplomatic action
- Recruitment difficulties - Harder to recruit operators who fear exposure
- Political embarrassment - Public proof of Iranian state-sponsored cyber attacks
Next: Evidence Overview
Explore the documents, photos, and files that prove CharmingKitten’s malicious activities
Ongoing Exposure
The exposure of Abbas Rahrovi in Episode 1 is just the beginning. Subsequent episodes continue to reveal:- Additional operatives working under Rahrovi
- Specific attack campaigns directed by the leadership
- Technical infrastructure used in operations
- Communication records between team members
- Personal information about the individuals involved