The Scorched-Earth Tactics of Iran’s Cyber Army
In the early hours of January 5, a popular anonymous Iranian dissident account called Jupiter announced on Twitter that his friends had killed Abolqasem Salavati, a maligned magistrate nicknamed the “Judge of Death.” The tweet went viral, and thousands of jubilant people poured into the account’s Twitter Space to thank them for assassinating the man responsible for sentencing hundreds of political prisoners to die.
Soon, however, a few attendees voiced doubts over the veracity of the claim. They were cursed at and kicked out of the room, as the host insisted, “Tonight is about celebration!” while repeatedly encouraging viewers to make the Space go viral. The next day, activists on the ground and Iranian media confirmed that Salavati was, in fact, alive. Several experts suspect Jupiter to have been an Islamic Republic of Iran cyber operation aimed at distracting people, while the Iranian government executed two protesters the same night as the Twitter Space.
Within its borders, the Iranian regime controls its population through one of the world’s toughest internet filtering systems, physical crackdowns, and mass arrests carried out with impunity. However, the IRI is vulnerable beyond its physical and virtual borders, as the regime struggles to contain the discourse and silence dissidents. To combat opposition narratives in the West and among VPN-armed domestic activists online, the IRI cyber army deploys multifaceted, devious, and sometimes clumsy tactics. With the ongoing political unrest in Iran, old cyber tactics have been ramped up, and new tricks that aim to distract, discredit, distort, and sow distrust have come to the fore as the regime finds itself in a critical moment.
Desperate Times, Desperate Measures
Among the tactics used by the IRI’s cyber agents—known colloquially as Cyberi—is old-school hacking. The Iran-linked hacker group Charming Kitten gained notoriety in 2020 for its spear-phishing attempts on journalists, scholars, and policy experts in the West. The group was recognized by its signature strategy of pretending to be reporters or researchers and feigning interest in their targets’ work as a pretext for setting up interview requests embedded with a spear-phishing link. Recent reports from the UK government’s National Cyber Security Center and security firm Mandiant found that such spear-phishing activities by the cyber groups TA453 and APT42, which are affiliated with the Iranian Revolutionary Guard Corps, have been increasingly prevalent. Last month, the popular anti-regime account RKOT claimed to have received an interview request geolocated to an IRGC department in Shiraz from an individual purporting to be a journalist from The New York Times.
According to Amin Sabeti, founder of CERTFA, a cybersecurity collective specializing in uncovering state-backed Iranian cyber activities, these operations have shifted their methods over the past few months, since most targets of interest are aware of the threat and have learned to protect themselves from spear-phishing. Instead, Sabeti says, they now use a “domino effect” strategy by taking aim at low-profile targets, whose credentials they harvest in order to build trust and gain access to higher-profile targets in their network. Early this month, for example, the Iranian Canadian human rights activist Nazanin Afshin Jam said that she received a spear-phishing link from a trusted colleague who had been hacked.
“Right now, they go after everyone who they are interested in, in terms of this revolution, especially people who are working in nonprofits,” Sabeti says.
Notably, some of these state actors establish credibility and trust over time by masking themselves as anti-regime voices and ardent supporters of the protest movement, or by building relationships with targets. One account by the name of Sara Shokouhi was created in October 2022 and claimed to be a Middle East scholar. The account spent months boosting opposition voices and writing heartfelt tributes to protesters before finally being outed by Iran experts as a state-sponsored phishing operation.