Iran unit behind Charlie Hebdo hack and leak operation

After French satirical magazine Charlie Hebdo launched a cartoon contest to mock Iran’s ruling cleric, a state-backed Iranian cyber unit struck back with a hack-and-leak campaign designed to instill fear with the alleged theft of a large subscriber database, Microsoft security researchers say.

The FBI blames the same Iranian cyber operatives, Emennet Pasargad, for an influence operation that sought to interfere in the 2020 US presidential election, the tech giant said in a blog posted Friday. In recent years, Iran has intensified false flag cyber operations as a tool to discredit enemies.

Calling itself “Holy Souls” and posing as hacktivists, the group claimed in early January to have obtained personal information on 200,000 subscribers and buyers of Charlie Hebdo merchandise, according to Microsoft’s Digital Threat Analysis Center.

As proof of data theft, “Holy Souls” published a sample of 200 records with names, phone numbers, addresses and email addresses of Charlie Hebdo subscribers that “could put magazine subscribers at risk of attacks, online or physical” by extremists. The group then advertised the alleged full data cache on various dark web sites for $340,000.

Microsoft said it didn’t know if anyone bought the cache.

A representative for Charlie Hebdo said Friday that the newspaper would not comment on the Microsoft investigation. Iran’s mission to the United Nations did not immediately respond to a request for comment on Friday.

The release of the sample on January 4 coincided with the publication of Charlie Hebdo’s cartoon contest issue. Participants were asked to draw offensive caricatures of Iran’s Supreme Leader, Ayatollah Ali Khamenei.

French newspaper Le Monde verified multiple victims of the sample leak, Microsoft said. Iranian cyber operators sought to push news of the hack-and-leak operation, and fuel outrage over the cartoon issue, through fake French “sock puppet” accounts on social media platforms including Twitter, Microsoft said.

The operation coincided with verbal attacks from Tehran condemning Charlie Hebdo’s “insult”.

The provocatively irreverent magazine has a long history of publishing vulgar cartoons that critics find deeply insulting to Muslims. Two French-born al Qaeda extremists attacked the newspaper’s office in 2015, killing 12 cartoonists, and Charlie Hebdo has been the target of other attacks over the years.

The magazine called the Khamenei cartoon contest a show of support for the nationwide anti-government protests that have rocked Iran since the mid-September death of Mahsa Amini, a 22-year-old woman detained by Iran’s morality police for allegedly violating the country’s strict Islamic dress code.

After the cartoon issue was published, Iran closed a decades-old French research institute. Last week, it announced sanctions targeting more than 30 European individuals and entities, including three senior Charlie Hebdo officials. The sanctions are largely symbolic, as they ban travel to Iran and allow its authorities to block bank accounts and seize property in Iran.

According to the FBI, Emennet Pasargad authored what amounted to a relatively clumsy campaign to interfere in the 2020 US presidential election. The group obtained sensitive US voter information from at least one state election website and sent threatening email messages to intimidate voters by posing as the far-right group Proud Boys, the FBI says.

Emennet Pasargad has also run, since 2018, cyber operations targeting news, shipping, airlines, oil and petrochemicals, finance, and telecommunications in the US, Europe, and the Middle East, the FBI says. The US newspaper chain Lee Enterprises was among the suspected targets, according to the Council on Foreign Relations.

The group’s attacks since 2020 have primarily targeted Israel, the FBI says. They follow a pattern of intrusion, theft, data leakage, and then amplification through social media and online forums. In some cases destructive malware has been used.
