The United States government has announced a $10 million bounty for credible information leading to the identification or location of an Iranian hacker operating under the pseudonym “Mr. Spirit.” The reward, announced by the State Department through its Rewards for Justice program, represents one of the highest publicly offered amounts for information on a single international cybercriminal.
The targeted hacker operates in connection with Iran’s Islamic Revolutionary Guard Corps (IRGC) and coordinates activities with IRGC-linked groups including Cyber Av3ngers and Soldiers of Solomon. Intelligence officials indicate that “Mr. Spirit” functions both as a Telegram channel for recruiting hackers and as an operational identity for conducting cyber attacks against US and Israeli targets.
The announcement follows recent destructive cyber incidents attributed to Iranian-linked groups, with activity spiking particularly after the Hamas October 7 incidents. Security experts report that the hacker exploits known Microsoft Exchange vulnerabilities to compromise organizations with unpatched systems, then disseminates victim lists through messaging platforms to coordinate collective targeting among volunteer hackers.
Among the high-profile attacks linked to “Mr. Spirit” is the breach of a Pennsylvania water facility, which forced the utility to switch to manual operations. The incident exemplifies the hacker’s focus on critical infrastructure targets, including US water facilities and government-related entities. Cybersecurity analysts note that while these incidents are frequently claimed to cause significant damage, their real-world impact often remains limited.
The hacker’s operations serve multiple strategic objectives for the Iranian regime, including disruption, propaganda, and psychological warfare against adversaries. The “Mr. Spirit” channel employs crowdsourced attack methodologies, recruiting lower-level hackers to expand Iran’s cyber capabilities while attempting to demonstrate technical prowess to both external and domestic audiences.
Law enforcement officials characterize the hacker’s tactics as involving both data breaches and destructive malware deployment campaigns. The activities typically include website defacements and posting politically charged messages, with operations intensifying during periods of geopolitical tension, particularly around Israel-Gaza conflicts. The bounty announcement highlights the US government’s commitment to addressing significant cyber threats to American interests. This investment in cybersecurity reflects the increasing priority governments place on protecting national infrastructure from sophisticated threat actors.