FRESH AIR

Iran’s continuing cyber-mischief during the coronavirus crisis 

May 12, 2020 | Oved Lobel

Istock 803260700

 

Iranian hackers and propaganda networks have been working overtime during the novel coronavirus pandemic. In the first week of May, Israel’s ClearSky cybersecurity reportedly discovered the attempted and possibly successful hack of American biopharmaceutical company Gilead Sciences, the producer of one of the most promising potential COVID-19 treatments, the antiviral drug Remdesivir. According to ClearSky’s Ohad Zaidenberg, “they are acting against the infrastructure of the American research institute Gilead, and we determined that they are trying to hurt other research bodies that are dealing with coronavirus, including in Israel.”  

Iran has vigorously denied its involvement, with UN envoy Alirez Miryousefi declaring, “The Iranian government does not engage in cyber warfare. Cyber activities Iran engages in are purely defensive and to protect against further attacks on Iranian infrastructure.” 

Earlier in May, the UK reported that Iran was among a small group of hostile states, including Russia and potentially China, trying to hack British universities and scientific facilities researching COVID-19. This followed reports in April that Iran-linked hackers had tried to break into the email accounts of World Health Organisation (WHO) staff, which Iran also loudly denied, saying the reports were “sheer lies to put more pressure on Iran.”   

All of these cyber-espionage campaigns are reportedly the work of an Iranian hacking group dubbed “Charming Kitten.” As AIJAC covered in its February overview of Iranian cyber-activity, “Charming Kitten” members posed as journalists and set up non-existent events or bogus interviews for the targets of their activity, who were mostly Iranian expats and Israeli researchers. ClearSky and two other firms, Certfa and SecureWorks, linked several incidents to the group “which has masqueraded as well-known Wall Street JournalCNNIran International and Deutsche Welle journalists as well as inventing some of its own.” 

Perhaps even more serious than the espionage are the cyberattacks. Fox News first reported that Iran was behind an attempted cyberattack on Israel’s Water Authority in late April. The Washington Post, citing two foreign government officials, reported that “The hackers sought to cripple computers that control water flow and wastewater treatment for a pair of rural districts in Israel,” and that they’d routed the attacks through both the US and Europe. Sources did not describe the attack as sophisticated, and it was quickly detected and thwarted. Although the US Director of National Intelligence assessed Iran to have the same capabilities as Russia, China and North Korea when it comes to intruding into industrial control systems, it has yet to demonstrate the capability.  

While Israel has not officially confirmed Iran’s involvement, Israel’s Channel 13 reported that a high-level security cabinet meeting discussed the hack, with an unnamed official quoted as saying, “This is an attack that goes against all the codes of war. Even from the Iranians we didn’t expect something like this.” True to form, Iran’s UN envoy denied Iranian culpability, once again implausibly claiming that “The Iranian government does not engage in cyberwarfare.” 

On the propaganda front, Iran’s International Union of Virtual Media (IUVM), a global multilingual network of social media accounts and ostensibly local news websites first uncovered in 2018, has reportedly been very active in pushing coronavirus-related disinformation. True to its mission of “confronting…western governments and Zionism front activities,” the IUVM’s focus has been on blaming the US for the virus, mocking the US response and defending both Iran’s as well as China’s handling of the pandemic, according to an in-depth report by network analysis company Graphika A US State Department report in April warned of the convergence of  the coronavirus-related disinformation campaigns from Iran, Russia and China.  

Interestingly, much of the IUVM’s new accounts, websites, and pages seem to be focused on Africa, including “Ethiopianow,” “Durban Daily,” “@AfricaTruth1,” “AFtruth.com” and the likely related French-language page “Realite Afrique.” 

Facebook, meanwhile, took down a part of the Iranian social media propaganda network in May, as it does every few months, saying some of the accounts were linked to the Islamic Republic of Iran Broadcasting Corporation (IRIB). IRIB and IUVM run essentially like an echo chamber, with IRIB reports and cartoons rebroadcast under IUVM accounts and vice versa. According to Graphika’s chief innovation officer Camille Francois, “We do see these successive waves of takedowns across platforms being effective: While this operator continues to use social media for its campaigns, the scale is smaller every time we see them come back, and takedowns happen increasingly rapidly. That’s likely why we see this Iranian operator make heavier use of websites, and having a harder time promoting their campaigns on social media accounts.”  

The latest IUVM cluster taken down by Facebook had only about 5000 followers across all platforms. As the Graphika report noted, “The IUVM operation is significant and manned by a well-resourced and persistent actor, but its effectiveness should not be overstated.” 

RELATED ARTICLES


Screenshot 2024 06 06 At 2.30.10 PM

Did Hamas accept ceasefire proposal? ABC can’t get its story straight

Jun 6, 2024 | Featured, Fresh AIR
Hamas leader Ismail Haniyeh meets Iranian Supreme Leader Ali Khamenei

Iran uses pro-Palestinian students and criminals as proxies

Jun 5, 2024 | Featured, Fresh AIR
Aid trucks heading into Gaza (Image: Shutterstock)

Rafah set to re-open, but aid had already been surging into Gaza without it

May 31, 2024 | Featured, Fresh AIR
GOranTQXcAAlpVx

New evidence continues to exonerate Israel in Rafah’s Tel al-Sultan tragedy

May 29, 2024 | Featured, Fresh AIR
GOlwuTPWsAEDkxt

What we currently know about Rafah’s Tel al-Sultan tragedy

May 28, 2024 | Featured, Fresh AIR
Malaysian PM Anwar with the late Iranian President Raisi in Kuala Lumpur, November 2023 (Image: Facebook/Anwar Ibrahim)

Malaysia’s role in supporting Iran’s terrorism

May 23, 2024 | Fresh AIR

SIGN UP FOR AIJAC EMAILS

RECENT POSTS

Swastika 39031 1280

Submission to the Senate Legal and Constitutional Affairs Committee inquiry into right wing extremist movements in Australia

Screenshot

Much of the Arab world knows Hamas ‘is the problem’: Colin Rubenstein on Sky News

Image: Shutterstock

Faith: Shavuot

Image: Shutterstock

Australia must never be a party to cynical, pro-Hamas lawfare

Image: X/Twitter

AIJAC expresses appreciation to PM, Leader of the Opposition, for bipartisan stance against extremism and antisemitism

Swastika 39031 1280

Submission to the Senate Legal and Constitutional Affairs Committee inquiry into right wing extremist movements in Australia

Screenshot

Much of the Arab world knows Hamas ‘is the problem’: Colin Rubenstein on Sky News

Image: Shutterstock

Faith: Shavuot

Image: Shutterstock

Australia must never be a party to cynical, pro-Hamas lawfare

Image: X/Twitter

AIJAC expresses appreciation to PM, Leader of the Opposition, for bipartisan stance against extremism and antisemitism

SORT BY TOPICS