Iranian hackers targeted Israelis for info on dissidents — report

Cybersecurity firm says group most likely state-sponsored, looking for information on anti-regime activists living in Iran

Stuart Winer is a breaking news editor at The Times of Israel.

Illustrative image of a hacker at work (Pixabay)
Illustrative image of a hacker at work (Pixabay)

An Iranian state-sponsored hacker group has been targeting victims around the world, including Israelis, in an effort to steal contact information about dissidents living in Iran, a cybersecurity firm said.

The Iranian cyber-espionage group, known as Charming Kitten, even set up a fake news outlet called the British News Agency that was used to trap targets and then attack them with malicious code, the Calcalist economic daily said Tuesday, citing a report released earlier this week by the Israel-based ClearSky Cybersecurity.

The hackers focused on academic researchers, human rights activists, media outlets, and political advisers.

Most of the targets were in Iran, the US, Israel and the UK. Some are from other countries including France, Germany, Switzerland, Denmark, India, Turkey and the United Arab Emirates.

Among the Israeli figures known to have been targeted were Iran researcher Tamar Eilam Gindin from the Shalom Center, Kan radio news editor Eran Cicurel, and movie producer Alon Gur Arye, Calcalist reported.

ClearSky CEO Boaz Dolev said the purpose of the hacking operation was to obtain information about Iranian dissidents.

“They want to know who the researchers are talking to,” Dolev said. “They want to know who in Iran is in contact with such people out of the country.”

ClearSky CEO Boaz Dolev at a conference in Tel Aviv, November 2012. (Screen capture: YouTube)

Hackers used false identities, malicious code, and phishing attacks to dupe victims into revealing personal information.

Eyal Sela, head of Threat Intelligence at ClearSky, told Calcalist that the breadth of the attack indicated it was not a private operation but rather state-sponsored. That assessment was compounded by the fact that no financial use was made of the information the hackers gleaned.

“None of those hacked suffered financial damage,” Sela said. “The identity of the attacked — human rights activists and people with political ties — does not support the thesis that the campaign is connected to criminal groups.”

Targeted people received Twitter messages or emails from accounts registered with ostensibly Jewish-Israeli names. One claimed to be a journalist at KNBC, another an Israeli political researcher in California, and a third an Iranian Jewish girl seeking help to leave the country.

While ClearSky couldn’t say how many accounts were hacked, Dolev noted that such attacks usually have a 10 percent success rate.

ClearSky noted it had found connections between the Charming Kitten group and Behzad Mesri, an Iranian hacker indicted by the FBI for hacking HBO and then leaking episodes of the “Game of Thrones” series. The FBI claims Mesri is a member of another Iran-based hacking group sometimes known as Turk Black Hat, which has targeted hundreds of websites in the United States and around the world.

Most Popular
read more: