Following the launch of a cartoon contest by the French satirical magazine Charlie Hebdo to mock Iran's ruling cleric, a state-backed Iranian cyber unit retaliated with a hack-and-leak campaign. This was done in an attempt to create fear by claiming to have stolen a large subscriber database, according to Microsoft security researchers. The FBI has accused the same Iranian cyber operators, Emennet Pasargad, of attempting to interfere in the 2020 U.S. presidential election. Iran has been using false-flag cyber operations as a way to discredit its enemies. The group, calling itself Holy Souls and posing as hacktivists, claimed to have obtained personal information on 200,000 subscribers and Charlie Hebdo merchandise buyers. To prove this, they released a sample of 200 records with names, phone numbers, and home and email addresses of Charlie Hebdo subscribers, which could put them at risk of being targeted by extremists. They then advertised the supposed complete data cache on several dark web sites for $340,000. Microsoft does not know if anyone purchased the cache. The sample release was done on the same day as the publication of the cartoon contest issue, which asked entrants to draw offensive caricatures of Iran's supreme leader, Ayatollah Ali Khamenei. The Iranian cyber operators used fake French Sock-puppet accounts on social media platforms such as Twitter to spread news of the hack-and-leak operation and to fuel outrage at the cartoon edition. This was done in response to verbal attacks by Tehran condemning Charlie Hebdo's insult. In 2015, two French-born al-Qaida extremists attacked the newspaper's office, killing 12 cartoonists, and it has been the target of other attacks over the years. In response to the cartoon issue, Iran shut down a French research institute and announced sanctions targeting more than 30 European individuals and entities, including three senior Charlie Hebdo staffers. These sanctions are largely symbolic, as they bar travel to Iran and allow its authorities to block bank accounts and confiscate property in Iran.
This Cyber News was published on www.securityweek.com. Publication date: Sat, 04 Feb 2023 23:08:02 +0000