FRESH AIR

Iran’s continuing cyber-mischief during the coronavirus crisis 

May 12, 2020 | Oved Lobel

Istock 803260700

 

Iranian hackers and propaganda networks have been working overtime during the novel coronavirus pandemic. In the first week of May, Israel’s ClearSky cybersecurity reportedly discovered the attempted and possibly successful hack of American biopharmaceutical company Gilead Sciences, the producer of one of the most promising potential COVID-19 treatments, the antiviral drug Remdesivir. According to ClearSky’s Ohad Zaidenberg, “they are acting against the infrastructure of the American research institute Gilead, and we determined that they are trying to hurt other research bodies that are dealing with coronavirus, including in Israel.”  

Iran has vigorously denied its involvement, with UN envoy Alirez Miryousefi declaring, “The Iranian government does not engage in cyber warfare. Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.” 

Earlier in May, the UK reported that Iran was among a small group of hostile states, including Russia and potentially China, trying to hack British universities and scientific facilities researching COVID-19. This followed reports in April that Iran-linked hackers had tried to break into the email accounts of World Health Organisation (WHO) staff, which Iran also loudly denied, saying the reports were “sheer lies to put more pressure on Iran.”   

All of these cyber-espionage campaigns are reportedly the work of an Iranian hacking group dubbed “Charming Kitten.” As AIJAC covered in its February overview of Iranian cyber-activity, “Charming Kitten” members posed as journalists and set up non-existent events or bogus interviews for the targets of their activity, who were mostly Iranian expats and Israeli researchers. ClearSky and two other firms, Certfa and SecureWorks, linked several incidents to the group “which has masqueraded as well-known Wall Street JournalCNNIran International and Deutsche Welle journalists as well as inventing some of its own.” 

Perhaps even more serious than the espionage are the cyberattacks. Fox News first reported that Iran was behind an attempted cyberattack on Israel’s Water Authority in late April. The Washington Post, citing two foreign government officials, reported that “The hackers sought to cripple computers that control water flow and wastewater treatment for a pair of rural districts in Israel,” and that they’d routed the attacks through both the US and Europe. Sources did not describe the attack as sophisticated, and it was quickly detected and thwarted. Although the US Director of National Intelligence assessed Iran to have the same capabilities as Russia, China and North Korea when it comes to intruding into industrial control systems, it has yet to demonstrate the capability.  

While Israel has not officially confirmed Iran’s involvement, Israel’s Channel 13 reported that a high-level security cabinet meeting discussed the hack, with an unnamed official quoted as saying, “This is an attack that goes against all the codes of war. Even from the Iranians we didn’t expect something like this.” True to form, Iran’s UN envoy denied Iranian culpability, once again implausibly claiming that “The Iranian government does not engage in cyberwarfare.” 

On the propaganda front, Iran’s International Union of Virtual Media (IUVM), a global multilingual network of social media accounts and ostensibly local news websites first uncovered in 2018, has reportedly been very active in pushing coronavirus-related disinformation. True to its mission of “confronting…western governments and Zionism front activities,” the IUVM’s focus has been on blaming the US for the virus, mocking the US response and defending both Iran’s as well as China’s handling of the pandemic, according to an in-depth report by network analysis company Graphika A US State Department report in April warned of the convergence of  the coronavirus-related disinformation campaigns from Iran, Russia and China.  

Interestingly, much of the IUVM’s new accounts, websites, and pages seem to be focused on Africa, including “Ethiopianow,” “Durban Daily,” “@AfricaTruth1,” “AFtruth.com” and the likely related French-language page “Realite Afrique.” 

Facebook, meanwhile, took down a part of the Iranian social media propaganda network in May, as it does every few months, saying some of the accounts were linked to the Islamic Republic of Iran Broadcasting Corporation (IRIB). IRIB and IUVM run essentially like an echo chamber, with IRIB reports and cartoons rebroadcast under IUVM accounts and vice versa. According to Graphika’s chief innovation officer Camille Francois, “We do see these successive waves of takedowns across platforms being effective: While this operator continues to use social media for its campaigns, the scale is smaller every time we see them come back, and takedowns happen increasingly rapidly. That’s likely why we see this Iranian operator make heavier use of websites, and having a harder time promoting their campaigns on social media accounts.”  

The latest IUVM cluster taken down by Facebook had only about 5000 followers across all platforms. As the Graphika report noted, “The IUVM operation is significant and manned by a well-resourced and persistent actor, but its effectiveness should not be overstated.” 

RELATED ARTICLES


French UNIFIL troops on patrol in southern Lebanon in April 2015 (image: Sebastian Castelier/ Shutterstock)

UNIFIL, the LAF and myths about Lebanese sovereignty

Nov 13, 2024 | Featured, Fresh AIR
GbVvR9GWgAAfPGb (1)

“Backbone”? UNRWA delivers just 13% of the aid in Gaza

Nov 8, 2024 | Featured, Fresh AIR
The sentiment is clear on the streets of Kuala Lumpur (Image: Shutterstock)

Malaysia’s recalcitrant antisemitism

Nov 8, 2024 | Featured, Fresh AIR
Screenshot 2024 02 08 At 9.45.23 pm

Gaza polio clinic blast coverage a classic case of ABC bias

Nov 7, 2024 | Featured, Fresh AIR
Image: Shutterstock

The secret history of  UNIFIL’s relationship with Hezbollah

Nov 6, 2024 | Featured, Fresh AIR
Israeli Settlements Near Bethlehem

Report: Approvals for West Bank settlement expansion ‘stuck’

Nov 4, 2024 | Featured, Fresh AIR

RECENT POSTS

Screenshot 2024 11 20 At 4.49.05 PM

Australia out of step with US and other allies on UN vote: Joel Burnie on Sky News

UNRWA is portrayed as the “backbone” of Gaza aid efforts, but actually supplied only 13% of aid there over recent months (Image: Anas Mohammed/ Shutterstock)

An empire of perpetual suffering

Foreign Minister Penny Wong and PM Anthony Albanese have degraded our relationship with our most important Middle Eastern partner (Screenshot)

The consequences of Australia’s Mideast policy shifts since October 7

An extension of the Abraham Accords that saw a string of Middle Eastern countries making peace with Israel is likely to be a priority (Image: Whitehouse.gov/ Flickr)

Trump and the Middle East

French UNIFIL soldiers in southern Lebanon (Image: Shutterstock)

Lebanon: Optimism and obstacles

Screenshot 2024 11 20 At 4.49.05 PM

Australia out of step with US and other allies on UN vote: Joel Burnie on Sky News

UNRWA is portrayed as the “backbone” of Gaza aid efforts, but actually supplied only 13% of aid there over recent months (Image: Anas Mohammed/ Shutterstock)

An empire of perpetual suffering

Foreign Minister Penny Wong and PM Anthony Albanese have degraded our relationship with our most important Middle Eastern partner (Screenshot)

The consequences of Australia’s Mideast policy shifts since October 7

An extension of the Abraham Accords that saw a string of Middle Eastern countries making peace with Israel is likely to be a priority (Image: Whitehouse.gov/ Flickr)

Trump and the Middle East

French UNIFIL soldiers in southern Lebanon (Image: Shutterstock)

Lebanon: Optimism and obstacles

SORT BY TOPICS