Iranian hackers go after nuclear workers, US officials and think tanks


AP investigation unearths ongoing attempts from within Iran to target diverse groups

Certfa researchers Nariman Gharib, left, and Amin Sabeti look at a computer at a cafe in London

Raphael Satter writes in Times of Israel, “As US President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of US-Iranian relations. The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen US Treasury officials. Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and DC think tank employees.”

“Presumably, some of this is about figuring out what is going on with sanctions,” said Frederick Kagan, a scholar at the American Enterprise Institute who has written about Iranian cyberespionage and was among those targeted. Kagan said he was alarmed by the targeting of foreign nuclear experts. “This is a little more worrisome than I would have expected,” he said.”

President Hassan Rouhani listens to explanations on new nuclear achievements at a ceremony to mark ‘National Nuclear Day,’ in Tehran, Iran, April 9, 2018

“The hit list surfaced after Charming Kitten mistakenly left one of its servers open to the internet last month. Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers that they handed to the AP for further analysis. Although those addresses likely represent only a fraction of the hackers’ overall effort — and it’s not clear how many of the accounts were successfully compromised — they still provide considerable insight into Tehran’s espionage priorities.” (more…)

© Copyright JFJFP 2024