Operation Newscaster, as named by the American security firm iSight, was a well-planned cyber espionage campaign, allegedly carried out by Iran, to spy on military and political leaders in the United States, Israel and other countries. According to iSight, Newscaster’s main targets were a US Navy admiral, US lawmakers and ambassadors, members of the United States/Israeli lobby, and personnel from Britain, Iraq, Syria, Saudi Arabia and Afghanistan.
The operation had been active since 2011 and was one of the most intricate cyber espionage campaigns, relying on "social engineering" to achieve its aims. The hackers made up for their limited technical ability with creative tactics.
The Iranian hackers disguised themselves as journalists. To make their profiles look genuine, they created a fake website, NewsOnAir.org, where they reposted genuine articles published by AP, BBC, Reuters and others. The hackers shared those articles on social media to build rapport. The fake website was registered in Iran, and the IP addresses used to access it also appeared to be Iranian. The hackers also assumed the identities of real journalists. The journalists whose identities were used included Sandra Maler, a Thomson Reuters reporter, and Kimberly Guilfoyle, a Fox News reporter.
According to the investigation report, more than 2,000 individuals were affected by this campaign, which was launched with the objective of stealing the targets' login credentials and their personal and corporate email IDs. Compared to Chinese espionage, Newscaster was rudimentary: technically, the hackers used low-level IRC malware and posted phishing links on their website NewsOnAir.org. They executed the whole operation by building friendly relationships with security personnel through fake profiles on Facebook, Twitter and LinkedIn, and then tricking them into clicking on those malicious links.
The Iranian cybercriminals kept a regular schedule throughout the operation, which included lunch breaks followed by work reminders. Their working hours matched working hours in Tehran. The hackers also worked half days on Thursdays and rarely worked on Fridays, the Iranian weekend. Additional clues, such as the selected targets and further technical indicators, led investigators to believe that Newscaster originated in Iran.
According to Stephen Ward, Senior Director of Marketing at iSight Partners, the whole operation revolved around stealing the targets' login credentials, and the firm had no idea what the attackers had done with those credentials or what data was leaked over social media. The report concluded that Operation Newscaster succeeded only because of its patience, brash character and creative use of social media platforms.
Operation Newscaster was carried out stealthily to steal the login credentials of US military personnel, US lawmakers, members of the US and Israeli lobby, and other senior officials of different countries. The whole operation was executed through social engineering: Iranian hackers posed as journalists, created a fake website, befriended targets using fabricated profiles and tricked them into clicking on malicious links. The operation was allegedly executed by Iran. The hackers worked systematically and maintained extreme professionalism to achieve their objective of stealing the targets' login details.