Yesterday, we found that Iran’s geospatial data had been listed for sale on BreachForums, a well-known cybercrime marketplace. The listing, made by a user going by the alias “natsec”, claims to offer sensitive information related to more than 350 critical infrastructure sites across Iran.

The leak comes at a time of escalating tensions between Iran and the United States, with renewed friction over Iran’s nuclear program. If verified, the leak could represent a serious intelligence breach, either by Iranian authorities or involving classified intelligence from Western agencies.

Key Details

  • The source of the leak identifies themselves as “Cyrus Tem.”
  • The “Leak” channel on BreachForums has explicitly stated that it is acting only as a distributor and is not responsible for the original breach.
  • No evidence has yet been provided to independently verify the authenticity of the data.

What’s Allegedly Included

The listing claims to contain:

  • 3,600 records across 350+ sensitive sites
  • 45 nuclear-related facilities
  • 28 mines
  • 120 missile bases
  • 65 drone bases
  • 40 research centers
  • 52 military installations

The seller alleges the data includes coordinates, infrastructure layouts, and operational details.

The Unknowns

While the data appears highly sensitive, its origin remains unclear.

It is not yet known whether the breach:

  • Stemmed from Iran’s own internal networks
  • Originated from a Western intelligence operation (e.g., CIA, MI6, or Five Eyes surveillance)
  • Was sourced from an independent or regional actor (e.g., Mossad)

It should be noted that, last year, documents believed to be from a Five Eyes intelligence leak exposed sensitive military planning of the Israeli Air Force ahead of tensions between Iran and Israel. Some similarities to this case have been noted, though mainstream media has not yet covered the current leak.