Iran cyberspies created fake news website to target US officials

A group of hackers in Iran are believed to have used fake social media profiles, and a bogus news website, to carry out cyber espionage attacks targeting at least 2,000 people. This is thought to include senior US military and diplomatic personnel, journalists, and both Israeli and US defense contractors.

In a report released Thursday, the security consultancy firm iSight Partners revealed findings indicating that a group consistent with Iranian origins has carried out a campaign since 2011. This series of undetected attacks to gather the email login details of targeted victims is known as Newscaster.

Here’s how Newscaster works. The hackers create a network of fake profiles on sites such as Facebook, Twitter, and LinkedIn. Next, they connect with friends of the individuals they are planning to target. Once mutual friends are gathered, the hackers connect with the targets themselves, which grants them access to personal information.

After getting connected, the attackers send links to web content, but first the user is taken to a fake login portal for websites such as Gmail. These false messages, also known as “spear-phishing,” are used to obtain password and other login details from the unsuspecting victims.

Many of the phony personas were quite extensive and often relied on a fake news site created solely for this campaign. The site, newsonair.org, published plagiarized news articles from international media outlets like Reuters and the BBC. Newsonair tweeted out the links and the false user profiles did the same across the social media landscape.

iSight came to the conclusion that the attacks were coming from Iran based on the skill sets used, the people targeted, and the timing of activity. The hackers took breaks during Iran’s lunchtime, stopped early on Thursdays and didn’t work on Fridays — in line with weekends in the country. Ward said another tip-off was that the IP address of the fake news organization was registered in Tehran.

While the US government has concentrated its cyber-security efforts on attacks coming out of China, experts have also begun to focus on the growing threat from Iran.

Earlier this month, cybersecurity company FireEye Inc. highlighted an organization called the Ajax Security Team — Iran’s first hacking group using malware to initiate politically minded espionage campaigns. Ajax is thought to have carried out attacks against US defense companies.

Experts say Iran has increased its cyber attacks on foreign entities since the Stuxnet attack in 2010 — a malware attack allegedly launched by the US to spy on Tehran’s nuclear program.

Source : Vice News