LONDON: Iran is running two surveillance operations in cyberspace, using various methods to spy on more than 1,000 dissidents, according to a leading cybersecurity company.
People in Iran, the UK, the US and 10 other countries have been tracked by Iranian hackers, Check Point said.
It added that two groups are involved in disseminating spyware among dissidents that is then used to monitor them and to steal call recordings and other media.
One of the groups, Domestic Kitten, uses various methods to trick people into downloading malicious software to their phones.
For example, they mimic apps for Tehran-based restaurants, offer fake mobile-security apps or provide local news via a compromised app. In one case, they supplied an infected wallpaper app that also contained pro-Daesh imagery.
The researchers said these operations have targeted over 1,200 people and remain active. The Iran-backed groups target people’s mobile phones and PCs with sophisticated spyware to collect sensitive data, including call recordings, messages, and locations.
One group, known as APT-C-50 or “Domestic Kitten,” spies on dissidents’ mobile phones, tricking people into downloading malicious software under the guise of popular apps. Victims included internal dissidents, opposition forces, ISIS advocates, people in the Kurdish minority in Iran, and more.
According to the researchers, hackers lured victims into installing a malicious application through multiple vectors, including an Iranian blog site, Telegram channels, and an SMS with a link to the malicious application. The malware planted could record calls, track locations, steal media such as videos and photos, and more.
Jan. 28, 2021
A hacker group considered a proxy for the Lebanese terror group Hezbollah has managed to penetrate internet and mobile phone networks, an Israeli cybersecurity firm said Thursday, revealing what it called a “global espionage” campaign.
According to Tel Aviv-based ClearSky Cyber Security, the group known as Lebanese Cedar used software and techniques linked in the past to Iranian state hackers to breach over 250 servers of targets in the United States, Britain, Egypt, Jordan, Lebanon, Israel and Palestinian-controlled areas of the West Bank.
“We assess that there are many more companies that have been hacked and that valuable information was stolen from these companies over periods of months and years,” the company said in a report.