The activity of Iranian hackers, who had already attacked the 2020 election campaign, is not new. However, it has been on the rise since last year.
There has been theft of internal documents from Donald Trump’s presidential campaign and hacking attempts against Kamala Harris’. But there were also phishing emails sent to senior Israeli officials and members of the Iranian diaspora, as well as researchers and journalists, in the US or the UK. In recent months, Iranian state hackers have greatly stepped up their operations, as noted in a report by Google’s cybersecurity division, published on Wednesday, August 14 and devoted to a group of hackers dubbed “APT42” – also known as “Mint Sandstorm” or “Charming Kitten.”
Behind these code names used by cybersecurity researchers lies a unit operating on behalf of the Islamic Revolutionary Guard Corps (IRGC) and specializing in inbox hacking and data theft. Google’s researchers found that APT42 was using well-crafted email lures, including convincingly imitated decoy documents. In some cases, the hackers also took care to first strike up a conversation with their targets, in order to gain their trust before sending them a link or a booby-trapped file.
To better deceive their victims, they also created fake academic or journalist profiles, posing as reporters from The Washington Post or The Economist. According to Google estimates, Israel and the US have each accounted for 30% of APT42 targets in recent months.
While the operations of these groups are increasing in intensity, they are not new. Microsoft already revealed in 2020 that Iranian hackers linked to the Revolutionary Guards had targeted inboxes used by a US presidential campaign, without specifying which one. APT42 has been active since at least 2015, according to 2022 estimates from Google-owned Mandiant, a leading cybersecurity firm, in its first report on the group. At the time, the company noted that “the methods deployed by APT42 leave a minimal footprint and might make the detection and mitigation of their activities more challenging.”
Interference operations increasing
The IRGC also oversees hybrid interference operations: in this area, Iran’s efforts have been “rapidly accelerating since June 2022,” said Microsoft in 2023, with 24 operations attributed to the Iranian government in 2022 “compared to just seven in 2021.” These operations can take the form of classic disinformation campaigns, but also hacking and leaking – the hacking of documents that are then shared online for political purposes.
The FBI and major cybersecurity companies believe that operations of this type are mainly being carried out by a specialized group, dubbed “Emennet Pasargad” and linked to a private cybersecurity company, which is believed to act as a subcontractor to the Revolutionary Guards. According to Microsoft, it was this group that was responsible for the January 2023 hacking of French satirical publication Charlie Hebdo’s subscriber database. Six of its members were at that point already under sanctions from the US government for their alleged role in a disinformation campaign that targeted the 2020 presidential election.