FRESH AIR

Iranian Cybercrime Remains and Expands

April 2, 2019 | Oved Lobel

Iran Cyber 2

Microsoft has become the latest large private company to declare war against Iranian cybercriminals working directly for or on behalf of the Islamic Revolutionary Guard Corps (IRGC) or Ministry of Intelligence. Microsoft said it had been tracking the hacking group – alternatively dubbed Phosphorus, Charming Kitten, or APT35 –  since 2013 and had seized 99 websites being utilised to spy on activists, journalists, defence officials, dissidents, and a range of others throughout the Middle East. The company sued the group in the US District Court in Washington for damages incurred by hacking their clients and computer networks.

Iran has become a steadily more prominent and dangerous actor in cyberspace. While the Australian Signals Directorate (ASD) says the investigation into the sweeping hack of Australian parliamentary systems and political parties is ongoing and won’t make an attribution, the US cybersecurity firm Resecurity claimed Iran was behind the hack, rather than China, and linked it to the Iranian cyberattack against the UK parliament in 2017, in which the email accounts of at least 90 MPs were compromised.

It is also possible that China, Russia, and Iran are all working together to target Five Eyes, the Western intelligence alliance between the US, UK, Canada, Australia and New Zealand. A recent report on the the Iranians hacking the cellphone of leading Israeli political candidate Gen. (res.) Benny Gantz alleged that Russia had given the Iranians the sophisticated technology necessary to conduct the attack. Meanwhile, there are suggestions that China and Iran cooperated to roll up and destroy CIA networks in both countries. In any case, Iran remains a sophisticated and malicious global actor in cyberspace in its own right, and has on several occasions attacked Australia, most recently attempting to steal information from the Australian shipbuilder and defence contractor Austal.

Meanwhile, Facebook announced on March 26 that it had “removed 513 Pages, Groups and accounts for engaging in coordinated inauthentic behavior as part of multiple networks tied to Iran. They operated in Egypt, India, Indonesia, Israel, Italy, Kazakhstan or broadly across the Middle East and North Africa.” These consisted of “158 Pages, 263 Facebook accounts, 35 Groups and 57 Instagram accounts.” According to Facebook, “About 1.4 million accounts followed one or more of these Pages, about 108,000 accounts joined at least one of these Groups and around 38,000 accounts followed one or more of these Instagram accounts.” Between December 2013 and February 2019, about US$15,000 was spent on ads by this Iranian network. Facebook has been one of several companies dismantling this sprawling Iranian propaganda effort since last year.

AIJAC has previously covered this expansive Iranian propaganda network, called “The International Union of Virtual Media.” In September 2018, we wrote:

In late August, Facebook, Twitter and Google announced that they had shut down dozens of accounts and pages on their respective platforms linked to an Iranian operation, which was launched at least as early as Jan. 2017, to influence public opinion in other countries. A Reuters investigation just released, confirmed by cyber-security firms ClearSky and FireEye Inc, which aided in the initial discovery, revealed that the Iranian operation was far larger than initially thought, consisting of dozens of websites, YouTube channels, and hundreds of social media accounts in multiple languages designed to amplify official Iranian and pro-Iranian, pro-Palestinian and pro-Assad regime propaganda. Google released a statement saying that “In addition to the intelligence we received from FireEye, our teams have investigated a broader range of suspicious actors linked to Iran who have engaged in this effort.” Facebook is still investigating and taking down further pages and accounts linked to the operation.’

With each passing month since then, new revelations have demonstrated the staggering reach of Iran’s disinformation campaigns and potent offensive cyber capabilities. It is unlikely the major tech companies are anywhere near uncovering, much less unravelling, the full extent of these operations.

RELATED ARTICLES

(image: Shutterstock/Svet Foto)

Military strikes alone won’t stop the Houthis without direct pressure on Iran

Mar 20, 2025 | Featured, Fresh AIR
Image: X

Pay-for-Slay is likely still Pay-for-Slay

Mar 7, 2025 | Fresh AIR
Image: X

The missing pieces of the Thai hostages story

Feb 21, 2025 | Fresh AIR
Damaged section of Kamal Adwan Hospital (image: World Health Organisation)

The latest IDF raid on the Kamal Adwan Hospital debunks absurd UN report

Jan 9, 2025 | Featured, Fresh AIR
Iran's Supreme Leader Ali Khamenei (left), the late Hezbollah Secretary-General Hassan Nasrallah and the late commander of the IRGC's Qods Force Qassem Soleimani

The Axis of Resistance is not dead yet

Dec 19, 2024 | Featured, Fresh AIR
Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Dec 18, 2024 | Featured, Fresh AIR
D11a774c 2a47 C987 F4ce 2d642e6d9c8d

Bibi in DC, the Houthi threat and the politicised ICJ opinion

Jul 26, 2024 | Update
Image: Shutterstock

Nine months after Oct. 7: Where Israel stands now

Jul 10, 2024 | Update
Palestinian Red Crescent workers from Al-Najjar Hospital in the city of Rafah, south of the Gaza Strip (Image: Shutterstock)

Hamas’ impossible casualty figures

Mar 28, 2024 | Update
455daec3 C2a8 8752 C215 B7bd062c6bbc

After the Israel-Hamas ceasefire for hostages deal

Nov 29, 2023 | Update
Screenshot of Hamas bodycam footage as terrorists approach an Israeli vehicle during the terror organisation's October 7, 2023 attack in southern Israel, released by the IDF and GPO (Screenshot)

Horror on Video / International Law and the Hamas War

Oct 31, 2023 | Update
Sderot, Israel. 7th Oct, 2023. Bodies of dead Israelis lie on the ground following the attacks of Hamas (Image: Ilia Yefimovich/dpa/Alamy Live News)

Israel’s Sept. 11, only worse

Oct 11, 2023 | Update
Screenshot 2025 03 28 At 11.35.48 AM

The day after the end of the Gaza war – and the new opportunities it presents: Ehud Yaari at the Sydney Institute

Mar 28, 2025 | Featured, Video
Screenshot

Jonathan Conricus in conversation with Joel Burnie

Feb 24, 2025 | Featured, Video
Sydney, January 2025 (Image: X)

Reacting to the latest antisemitic attacks: Colin Rubenstein on SBS Hebrew radio

Feb 3, 2025 | Video
Screenshot

Antisemitic bomb plot “a massive escalation”: Colin Rubenstein on Sky News

Jan 30, 2025 | Featured, Video
(Image: screenshot)

Antisemitism database “first step of many more that need to be taken”: Dr Colin Rubenstein on ABC TV

Jan 22, 2025 | Featured, Video
Screenshot 2024 12 20 At 12.44.43 PM

AIJAC speaks out against hate… Will you join us?

Dec 20, 2024 | Featured, Video

RECENT POSTS

A “deep well of hatred” in segments of the Muslim community contributed to the recent outburst  of extremism and antisemitism in Australia (Image: Diana Zavaleta/ Shutterstock)

Essay: The Politics of Hatred

Iranian President Masoud Pezeshkian (left) may hint at agreeing to nuclear negotiations, but it is Supreme Leader Ali Khamenei (right) who will ultimately make the decision (Image: Khamenei.ir)

Iran: Moving beyond diplomatic delusions

A statue of Moses holding the Ten Commandments (Image: Shutterstock)

The Last Word: One Story

Israeli PM Netanyahu controversially announces he needs to fire Shit Bet chief Ronen Bar (Screenshot)

Marching toward controversy and division

With leader Alice Weidel, Germany's Alternative für Deutschland (AfD) have a presentable face, but Europe's Jewish communities remain wary of far right populism (Image: Shutterstock)

Europa Europa: Going to extremes

SORT BY TOPICS