July 17, 2024
Microsoft attributes Charlie Hebdo attacks to Iranian nation-state threat group

Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor. Microsoft dubbed the threat group, which calls itself Holy Souls, NEPTUNIUM. It has also been identified as Emennet Pasargad by the US Department of Justice.

In January, the group claimed to have obtained the personal information of more than 200,000 Charlie Hebdo customers after gaining access to a database, which Microsoft believes was in response to a cartoon contest conducted by the magazine. The information included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication.

“This information, obtained by the Iranian actor, might put the journal’s subscribers at risk of online or physical targeting by extremist organizations,” Microsoft’s DTAC wrote. The announcement came in the same week as new research which revealed that almost all UK IT leaders believe that foreign states are using the ChatGPT chatbot maliciously to target other nations.

Attack revenge for cartoon competition resembles other Iranian nation-state campaigns

In December last year, Charlie Hebdo launched an international competition for cartoons “ridiculing” Iranian Supreme Leader Ali Khamenei, timed to coincide with the eighth anniversary of an attack by two al-Qa’ida in the Arabian Peninsula (AQAP)-inspired assailants on the magazine’s offices. The competition was publicly criticized by the Iranian Foreign Minister Hossein Amir-Abdollahian in January.

NEPTUNIUM (Emennet Pasargad/Holy Souls) advertised the cache of stolen data for sale for 20 Bitcoin (equivalent to roughly $340,000 at the time). Several elements of the attack resemble earlier campaigns conducted by Iranian nation-state actors, Microsoft added, including:

  • A hacktivist persona claiming credit for the cyberattack
  • Claims of a successful website defacement
  • Leaking of private data online
  • The use of inauthentic social media “sockpuppet” personas
  • Impersonation of authoritative sources
  • Contacting news media organizations

Sockpuppet accounts impersonate French authority figures, taunt France’s cybersecurity sector

The use of numerous French-language sockpuppet accounts – social media accounts using fictitious or stolen identities to obfuscate the account’s real owner for the purpose of deception – to amplify the campaign and distribute antagonistic messaging was of particular significance, Microsoft wrote. “On January 4, the accounts, many of which have low follower and following counts and were recently created, began posting criticisms of the Khamenei cartoons on Twitter. Crucially, before there had been any substantial reporting on the purported cyberattack, these accounts posted identical screenshots of a defaced website that included the French-language message: ‘Charlie Hebdo a été piraté’ (‘Charlie Hebdo was hacked’).”

Hours later, at least two social media accounts began impersonating French authority figures, while accounts also posted taunting messages including, “For me, the following topic of Charlie’s cartoons must be French cybersecurity consultants.” The use of such sockpuppet accounts has been observed in previous Iran-linked operations including an attack claimed by Atlas Group, a partner of Hackers of Savior, which the FBI attributed to Iran in 2022. A key goal of Iranian influence operations is to “undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries,” the FBI wrote in October 2022.

Copyright © 2023 IDG Communications, Inc.