Feb 06, 2023, Ravie Lakshmanan
An Iranian nation-state group sanctioned by the U.S. government
has been attributed to the hack of the French satirical magazine
Charlie Hebdo in early January 2023.
Microsoft, which disclosed details of the incident, is tracking
the activity cluster under its chemical-element-themed moniker
NEPTUNIUM, which it identifies as the Iran-based company known as
Emennet Pasargad.
In January 2022, the U.S. Federal Bureau of Investigation (FBI)
tied[1] the state-backed cyber unit to a sophisticated influence
campaign carried out to interfere[2] with the 2020 presidential
elections. Two Iranian nationals have been charged over their role
in the disinformation and threat campaign.
Microsoft’s disclosure comes after a “hacktivist” group named
Holy Souls (now identified as NEPTUNIUM) claimed to be in
possession of the personal information of more than 200,000 Charlie
Hebdo customers, including their full names, telephone numbers, and
home and email addresses.
The breach, which allowed NEPTUNIUM to gain access to an
internal database, is suspected to have been orchestrated as a
retaliation against the publication for conducting a cartoon contest[3]
“ridiculing” Iranian Supreme Leader Ali Khamenei.
The release of the full cache of stolen data could lead to mass
doxing, Redmond further cautioned.
“After Holy Souls posted the sample data on YouTube and multiple
hacker forums, the leak was amplified by a concerted operation
across several social media platforms,” the Windows maker’s Digital
Threat Analysis Center (DTAC) said[4].
“This amplification effort made use of a particular set of
influence tactics, techniques, and procedures (TTPs) DTAC has
witnessed before in Iranian hack-and-leak influence
operations.”
The points of similarity include the use of false-flag personas
to conduct hack-and-leak operations, inauthentic sockpuppet
accounts, and the impersonation of authoritative sources,
corroborating an October 2022 advisory[5] from the FBI.
The goal, the FBI assessed, is to “undermine public confidence
in the security of the victim’s network and data, as well as
embarrass victim companies and targeted countries.”
“These hack-and-leak campaigns involve a combination of hacking
/ theft of data and information operations that impact victims via
financial losses and reputational damage,” the agency added.
Read more https://thehackernews.com/2023/02/microsoft-iranian-nation-state-group.html