The U.S. Department of State has announced a reward of up to $10 million for information that helps identify or locate a hacker known as “Mr. Soul” or “Mr. Soll.” This individual is believed to be part of CyberAv3ngers, a hacking group linked to Iran’s Islamic Revolutionary Guard Corps’ Cyber-Electronic Command.

CyberAv3ngers has been deploying a piece of malware called IOCONTROL to infiltrate industrial control systems and operational technology devices. These include routers, programmable logic controllers (PLCs), human‑machine interfaces, firewalls, IP cameras, and Linux-based IoT platforms. The group has targeted critical infrastructure sectors globally, including water utilities in the United States and Israel. By exploiting default credentials, they managed to compromise programmable logic controllers, sometimes displaying politically charged messages on screen.

In October and February 2025, six IRGC members were sanctioned in connection with these operations. The new reward focuses on gathering information on the individual behind the “Mr. Soul” alias and the broader group’s activities.

Authorities also note that IOCONTROL is not entirely new—it had surfaced under different names in late 2023. Security researchers have found that the malware operates as a Linux ARM backdoor embedded in various OT and IoT devices, allowing remote control and network movement.

‍

Source: https://industrialcyber.co/industrial-cyber-attacks/us-offers-10-million-for-intel-on-iran-linked-hacker-in-ics-malware-campaign-against-critical-infrastructure/