Who is Mohammad Farhadzadeh?

In this article, we will take a look at the activities of a member of the cyber team “FAJR” who was involved in the attacks known as APT33 and APT34, Oilrig. According to our findings, Mohammad Farhadzadeh worked as a blackhat hacker in this team, which is affiliated with the Ministry of Intelligence of the Islamic Republic of Iran or the Islamic Revolutionary Guard Corps. After his name and personal information were disclosed in cyberspace as a cyber-criminal wanted by the US Federal Bureau of Investigation, he suspended all his public cyber accounts, but some of his activities remain indelible and traceable, and we will review and address them in this article.

Mohammad Farhadzadeh

1. Activity as a writer on the website memoryleaks.ir

This website belongs to “Yashar Shahinzade”, a member of Ravin Academy, whose relationship with the Ministry of Intelligence of the Islamic Republic is explained in the following link. “Mohammad Farhadzadeh” has registered articles in the field of cyber security on this site under the fake title “nullcon”, the link to which is available below. The information obtained shows that he continued to work in the field of security under the pseudonym until August 12, 2020.

whois result of "memoryleaks.ir"

Articles written by the author name “thisisfarhadzadeh”, acting under the “nullcon” username on the memoryleaks.ir website

2. Holding private training classes in the field of information security

On the Evand.ir site, which is an Iranian system for holding webinars, we can find the name of this person as “thisisfarhadzadeh”, which, of course, has now been removed, but a cached copy is available in Google.

https://evand.com/organizations/thisisfarhadzadeh

3. Receiving a reward for bug detection

The username “thisisfarhadzadeh”, which belongs to “Mohammad Farhadzadeh”, is available on the website "kolahsefid.org", which is a website for detecting bugs in computer systems and receiving money for their submission. This user received a sum of money for detecting a bug on July 7, 2020.

4. GitHub and so on

We found a reference linked to the text “thisisfarhadzade” at this link; after following it, we realized that the name had been changed from “thisisfarhadzade” to “TheSysOwner”.

Medium.com article that contains a reference to the “thisisfarhadzade” GitHub repo

“TheSysOwner” GitHub account

We also found a Telegram account with the same name, but we cannot confirm that it is related to the person we are talking about.

Telegram account with the name “thisisfarhadzade”

To be continued.