A report in the New York Times recently revealed that hackers have been assembling information about the opposition in Iran. They have been doing this by hacking into computers and cell phones, as well as apps such as Telegram.
The People’s Mojahedin Organization of Iran (MEK), is the largest dissident group and is the subject of the greatest number of attacks. These Iranian hackers according to two reputable digital security reports have been involved in a massive cyber-espionage operation, which uses surveillance tools that are able to outsmart encrypted messaging systems.
NEW @Google says @YouTube terminated Iran regime's propaganda channels for spreading disinfo about the MEK (PMOI) & the US
"This campaign was consistent w/ similar findings reported by @Facebook"Iran runs similar disinfo projects on @Twitter's platformhttps://t.co/4F6Rncpnfa pic.twitter.com/easWIhbYVM
— M. Hanif Jazayeri (@HanifJazayeri) August 6, 2020
Everyone in Iran at risk
These hackers are focusing on several different groups according to two digital security sources which are:
- domestic dissidents;
- religious and ethnic minorities;
- anti-government activists abroad.
It is also believed that Iran is using cyber sabotage in an attempt to have an influence on the upcoming American presidential elections. Federal prosecutors have now identified two Iranians who they believe have hacked into US computers and stolen data on behalf of the government of Iran and for their own economic gain.
Today, the U.S. sanctioned 47 Iranian individuals and entities involved in the Iranian regime’s global cyber threat network. We will continue to expose Iran’s nefarious behavior and we will never relent in protecting our homeland and allies from Iranian hackers.
— Secretary Pompeo (@SecPompeo) September 17, 2020
A report released by Check Point’s intelligence unit stated that the cyber-espionage operation was initiated, to begin within 2014, but its capabilities have been left undetected until quite recently.
All these attacks have been traced to a private technology firm based in Iran’s northeast city of Mashhad called Andromeda, which has concentrated on attacking activists, ethnic minority groups, and separatist opposition groups as well as the general public.
The key victims of these attacks are The People’s Mojahedin Organization of Iran (MEK), a democratic opposition group that the Iranian authorities pretend unjustifiably that is a terrorist organization. Other groups are:
- Association of Families of Camp Ashraf and Liberty Residents;
- the Azerbaijan National Resistance organization;
- citizens of Iran’s restive Sistan and Balochistan Province;
- Hrana, an Iranian human rights news agency;
- human rights lawyers and journalists working for Voice of America.
https://www.facebook.com/MEK.Iran1/posts/340583333434780
These hackers were seemingly able to monitor mobile applications secretly that were often used to plan opposition demonstrations. Mr. Finkelstein at Check Point said that there was a distinct possibility that the hackers were working as freelancers who are employed by Iranian intelligence. The aim of such attacks is to discredit the policies of the regime’s political opponents.
The Azerbaijan National Resistance Organization spokesperson Babak Chalabi, a 37-year-old who promotes the rights of ethnic Turks residing in Iran, stated that his computer was hacked by this group two years ago when he received an email with a link which he clicked.
Google tracked ten influence operations in Q2 2020,with some being exposed by Twitter and Facebook as well. In April, this included 16 YouTube channels, account linked to the #Iranian state-sponsored network.#FreeIran2020 #Iran #MEK https://t.co/xgZWjE2Dni via @stopfundamentalism pic.twitter.com/VTIpsyzHcz
— MEK Iran (Mujahedin-e Khalq) (@MEK_Iran) August 9, 2020
Mr. Chalabi said he had been involved in an interview with the Al Arabiya television channel about Iran’s cybersecurity and just 3 days later he got an email from a person who was disguised as an Al Arabiya editor. He was told that the network had received several complaints from Iran about the interview and he was told to look at the comments via a provided link. When he clicked on the link, he found his computer was being accessed from an outside source. It was later confirmed that the same hackers were behind this move.
Soheila Dashti, head of the Association of Iranian professionals in Gotenberg, Sweden:
Last week, giant social networks like Facebook and Google identified and banned dozens of accounts linked to the regime’s state-radio and television.#MEK #Iran#FreeIran2018 pic.twitter.com/BLLkzmMVHP— Iran Freedom (@4FreedominIran) August 25, 2018
Mohammad Mohaddessin, Chair of the Foreign Affairs Committee of the National Council of Resistance of Iran (NCRI):
We welcome the decision by Twitter, Facebook, Google to shut down the Iran regime’s fake social media profiles. regime’s online terrorism must be tackled comprehensively. Thousands of IRGC hackers spread misinformation and demonize the Iranian Resistance (PMOI / MEK Iran) and prevent the free flow of news.