Hacking campaigns reveal Iranian attacks on dissidents

Iran-backed groups are targeting people’s mobile phones and PCs with sophisticated spyware

Security researchers have found that Iran-backed hacking groups are actively spying on the Tehran government’s critics.

Check Point researchers discovered the hackers and said there was evidence of two ongoing Iran-backed cyber-surveillance operations against suspected dissidents within Iran and 12 other countries, including the UK, US, Pakistan, Afghanistan, Turkey, Germany, Holland, and Sweden.

They said these operations have targeted over 1,200 people and remain active. The Iran-backed groups target people’s mobile phones and PCs with sophisticated spyware to collect sensitive data, including call recordings, messages, and locations.

One group, known as APT-C-50 or “Domestic Kitten,” spies on dissidents’ mobile phones, tricking people into downloading malicious software under the guise of popular apps. Victims included internal dissidents, opposition forces, ISIS advocates, people in the Kurdish minority in Iran, and more.

According to the researchers, hackers lured victims into installing a malicious application through multiple vectors, including an Iranian blog site, Telegram channels, and an SMS with a link to the malicious application. The malware planted could record calls, track locations, steal media such as videos and photos, and more.

The other group, known as Infy or “Prince of Persia,” spied on dissidents’ home and work PCs, extracting sensitive data after tricking targets into opening malicious email attachments. Researchers documented victims in 12 countries.

Researchers discovered fewer activities from Infy. One campaign used a photo of Mojtaba Biranvand, the governor of Dorud city in Lorestan Province, Iran. The document is in Persian and includes information regarding the governor’s office and his alleged phone number.

Researchers said the technological abilities of Infy are “far superior to most other known Iranian campaigns, attacking only a handful of targets, and taking significant effort to go undetected and uninterrupted.”

“The operators of these Iranian cyber espionage campaigns seem to be completely unaffected by any counter-activities done by others, even though they were revealed and even stopped in the past — they simply don’t stop,” said Yaniv Balmas, head of research at Check Point. “These campaign operators simply learn from the past, modify their tactics, and go on to wait for a while for the storm to pass to only go at it again.”

Researchers have alerted law enforcement agencies in the US and Europe to their findings.
