Iran-linked hackers impersonate journalists to spy on dissidents


The Iranian government has been linked to several hacking attempts targeting individuals critical of the Tehran administration and this is seen as a potential threat to those living outside the country.

In one incident, Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting for an interview. He sensed right away that something was amiss.

The email purportedly coming from Farnaz Fassihi, a veteran Iranian-American journalist who covers the Middle East reads more like a fan letter, asking Mr Kasraie to share his “important achievements” to “motivate the youth of our beloved country”.

Another red flag: the follow-up email that instructed Mr Kasraie to enter his Google password to see the interview questions.

The phoney request was in reality an attempt to break into Mr Kasraie’s email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim.

In a report published on Wednesday, London-based cybersecurity company Certfa tied the impersonation of Ms Fassihi to a hacking group nicknamed Charming Kitten, which has long been associated with Iran.

Israeli firm ClearSky Cyber Security provided Reuters with documentation of similar impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality.

Iran denies operating or supporting any hacking operation. Alireza Miryousefi, the spokesperson for the Islamic Republic’s mission to the United Nations, said that firms claiming otherwise “are merely participants in the disinformation campaign against Iran”.

Reuters uncovered similar hacking attempts on two other targets, which the two cybersecurity firms, along with a third firm, Atlanta-based Secureworks, said also appeared to be the work of Charming Kitten.

Azadeh Shafiee, an anchor for London-based satellite broadcaster Iran International, was impersonated by hackers in attempts to break into the accounts of a relative of hers in London and Prague-based Iranian filmmaker Hassan Sarbakhshian.

Mr Sarbakhshian – who fled the Islamic Republic amid a crackdown that saw the arrest of several fellow photojournalists in 2009 – was also targeted with an email that claimed to be from Ms Fassihi. The message asked him to sign a contract to sell some of his pictures to The Wall Street Journal. Mr Sarbakhshian said in an interview that he was suspicious of the message and didn’t respond.

Neither did the ruse fool Mr Kasraie, an academic who frequently appears on television criticising Iran’s government.

“I understood 100 per cent that it was a trap,” he said in an interview.

That’s not surprising given the hackers’ sloppy tactics. For instance, they missed the fact that Ms Fassihi had left The Wall Street Journal last year for a new job at The New York Times.

US officials and cybersecurity experts see Iran as a digital threat. Earlier this month, the US Department of Homeland Security and the FBI issued alerts about the threat of Iranian cyber attacks following the controversial US attack that killed Gen. Qassem Soleimani.

Microsoft, which tracks attempts to undermine election security, in October, accused Charming Kitten of targeting a US presidential campaign; sources told Reuters at the time that the campaign was Donald Trump’s. (Source: Independent UK)