FRESH AIR

Iranian Cybercrime Remains and Expands

Apr 2, 2019 | Oved Lobel

Iran Cyber 2

Microsoft has become the latest large private company to declare war against Iranian cybercriminals working directly for or on behalf of the Islamic Revolutionary Guard Corps (IRGC) or Ministry of Intelligence. Microsoft said it had been tracking the hacking group – alternatively dubbed Phosphorus, Charming Kitten, or APT35 –  since 2013 and had seized 99 websites being utilised to spy on activists, journalists, defence officials, dissidents, and a range of others throughout the Middle East. The company sued the group in the US District Court in Washington for damages incurred by hacking their clients and computer networks.

Iran has become a steadily more prominent and dangerous actor in cyberspace. While the Australian Signals Directorate (ASD) says the investigation into the sweeping hack of Australian parliamentary systems and political parties is ongoing and won’t make an attribution, the US cybersecurity firm Resecurity claimed Iran was behind the hack, rather than China, and linked it to the Iranian cyberattack against the UK parliament in 2017, in which the email accounts of at least 90 MPs were compromised.

It is also possible that China, Russia, and Iran are all working together to target Five Eyes, the Western intelligence alliance between the US, UK, Canada, Australia and New Zealand. A recent report on the the Iranians hacking the cellphone of leading Israeli political candidate Gen. (res.) Benny Gantz alleged that Russia had given the Iranians the sophisticated technology necessary to conduct the attack. Meanwhile, there are suggestions that China and Iran cooperated to roll up and destroy CIA networks in both countries. In any case, Iran remains a sophisticated and malicious global actor in cyberspace in its own right, and has on several occasions attacked Australia, most recently attempting to steal information from the Australian shipbuilder and defence contractor Austal.

Meanwhile, Facebook announced on March 26 that it had “removed 513 Pages, Groups and accounts for engaging in coordinated inauthentic behavior as part of multiple networks tied to Iran. They operated in Egypt, India, Indonesia, Israel, Italy, Kazakhstan or broadly across the Middle East and North Africa.” These consisted of “158 Pages, 263 Facebook accounts, 35 Groups and 57 Instagram accounts.” According to Facebook, “About 1.4 million accounts followed one or more of these Pages, about 108,000 accounts joined at least one of these Groups and around 38,000 accounts followed one or more of these Instagram accounts.” Between December 2013 and February 2019, about US$15,000 was spent on ads by this Iranian network. Facebook has been one of several companies dismantling this sprawling Iranian propaganda effort since last year.

AIJAC has previously covered this expansive Iranian propaganda network, called “The International Union of Virtual Media.” In September 2018, we wrote:

In late August, Facebook, Twitter and Google announced that they had shut down dozens of accounts and pages on their respective platforms linked to an Iranian operation, which was launched at least as early as Jan. 2017, to influence public opinion in other countries. A Reuters investigation just released, confirmed by cyber-security firms ClearSky and FireEye Inc, which aided in the initial discovery, revealed that the Iranian operation was far larger than initially thought, consisting of dozens of websites, YouTube channels, and hundreds of social media accounts in multiple languages designed to amplify official Iranian and pro-Iranian, pro-Palestinian and pro-Assad regime propaganda. Google released a statement saying that “In addition to the intelligence we received from FireEye, our teams have investigated a broader range of suspicious actors linked to Iran who have engaged in this effort.” Facebook is still investigating and taking down further pages and accounts linked to the operation.’

With each passing month since then, new revelations have demonstrated the staggering reach of Iran’s disinformation campaigns and potent offensive cyber capabilities. It is unlikely the major tech companies are anywhere near uncovering, much less unravelling, the full extent of these operations.

RELATED ARTICLES


Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Dec 18, 2024 | Featured, Fresh AIR
(image: Andy.LIU/Shutterstock)

A Fork in the Road for Lebanon

Dec 16, 2024 | Featured, Fresh AIR
French UNIFIL troops on patrol in southern Lebanon in April 2015 (image: Sebastian Castelier/ Shutterstock)

UNIFIL, the LAF and the myth of Lebanese sovereignty

Nov 13, 2024 | Featured, Fresh AIR
GbVvR9GWgAAfPGb (1)

“Backbone”? UNRWA delivers just 13% of the aid in Gaza

Nov 8, 2024 | Featured, Fresh AIR
The sentiment is clear on the streets of Kuala Lumpur (Image: Shutterstock)

Malaysia’s recalcitrant antisemitism

Nov 8, 2024 | Featured, Fresh AIR
Screenshot 2024 02 08 At 9.45.23 pm

Gaza polio clinic blast coverage a classic case of ABC bias

Nov 7, 2024 | Featured, Fresh AIR

RECENT POSTS

Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Voting in the UN General Assembly (Screenshot)

A black day for the international community

Image: Shutterstock

Australia is abandoning Israel

Few Syrians can even remember their country before the Assad family took control (Image: Shutterstock)

With Assad gone, what’s next?

Screenshot

The toon boom since October 7

Iranian women being ushered into a van by "Morality police" (Image: X)

Iranian human rights have significantly worsened since the “Woman, Life, Freedom” protests

Voting in the UN General Assembly (Screenshot)

A black day for the international community

Image: Shutterstock

Australia is abandoning Israel

Few Syrians can even remember their country before the Assad family took control (Image: Shutterstock)

With Assad gone, what’s next?

Screenshot

The toon boom since October 7

SORT BY TOPICS