The Overlooked Arm
Division 190 runs countersniper operations for IRGC Quds Force units in Syria. They run HUMINT collection against dissident communities in Europe and North America. And they have been running persistent access into American utility infrastructure since at least 2019.
FireEye attributed those intrusions to Chinese actors in 2021. The technical community knew what that meant. Anyone watching knew.
The IRGC does not need to launch a destructive attack to cycle capital. Waiting is the strategy. Collect now. Position for later. The attack you prevent is more valuable than the one you execute.
The 2021 Colonial Pipeline event focused minds. But Colonial was unsophisticated—smash and grab with ransomware. IRGC Division 190 does not drop ransomware. They establish quiet persistent access. They map. They wait.
What Is Actually at Stake
Industrial control systems in American water treatment. Gas metering infrastructure. Substation automation. That is where IRGC is. Not in your emails. In your pipes.
Every year Division 190 does not execute a destructive operation inside American critical infrastructure, they accumulate more access, more understanding, more capability. We need to name this clearly: Iran is in our infrastructure. They have been for years.
