loader gif

Iranian hackers suspected to be targeting US, UK, Latin America and Middle East

Iranian hackers suspected to be targeting US, UK, Latin America and Middle East
  • The influence campaign is leveraging a network of fake news sites and social media sites to promote Iran’s political interests.
  • Iran-linked threat group APT35 has also used similar techniques to boost its espionage campaigns.

Security researchers have uncovered a new influence campaign targeting the US, UK, Latin America and the Middle East. The campaign is suspected to be the work of Iran-linked hackers and is leveraging a network of fake news sites and social media sites to promote Iran’s political interests.

The campaign was found to be promoting anti-Saudi, anti-Israeli, Pro-Palestine and Pro-Iran narratives. The campaign also boosted support for certain US policies that favored Iran such as the U.S.-Iran nuclear deal (JCPOA).

Modus Operandi

According to security experts at FireEye, who uncovered the influence campaign, the suspected Iranian hackers’ activity dates back to at least 2017. Researchers discovered site registration data connected to social media accounts, which in turn, were linked to Iranian phone numbers. This indicates that the campaign was conducted by Iranian threat actors.

The researchers spotted multiple Twitter accounts linked to Iranian phone numbers. Various “inauthentic” social media personas were observed masquerading as American liberals supportive of US Senator Bernie Sanders. Meanwhile, some accounts heavily promoted “Quds Day” - a holiday established by Iran in 1979 to show its support for Palestine.

“We limit our assessment regarding Iranian origins to moderate confidence because influence operations, by their very nature, are intended to deceive by mimicking legitimate online activity as closely as possible,” FireEye researchers said in a report. “While highly unlikely given the evidence we have identified, some possibility nonetheless remains that the activity could originate from elsewhere, was designed for alternative purposes, or includes some small percentage of authentic online behavior.”

Although the Iran-linked APT35 group has previously also used similar tactics to boost its espionage campaigns, FireEye researchers have yet to find any links connecting this campaign to APT35.

Motive

The campaign’s purpose appears to be to further Iranian political interests such as the JCPOA and pushing significant anti-Trump messaging. However, the campaign doesn’t appear to have been designed to specifically influence the 2018 US midterm elections. Instead, it extends beyond US politics.

“The activity we have uncovered highlights that multiple actors continue to engage in an experiment with online, social media-driven influence operations as a means of shaping political discourse,” FireEye researchers said. “These operations extend well beyond those conducted by Russia, which has often been the focus of research into information operations over recent years.”

“Our investigation also illustrates how the threat posed by such influence operations continues to evolve, and how similar influence tactics can be deployed irrespective of the particular political or ideological goals being pursued,” the researchers added.

loader gif