HT TECH wants to start sending you push notifications. Click allow to subscribe

Iran-linked hackers posed as journalists in email scam

When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss.

By: REUTERS
Updated on: Aug 20 2022, 19:23 IST
When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss. The phony request was in reality an attempt to break into Kasraie’s email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim. (Getty Images)
When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss. The phony request was in reality an attempt to break into Kasraie’s email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim. (Getty Images)

When Iranian-born German academic Erfan Kasraie received an email from The Wall Street Journal requesting an interview, he sensed something was amiss.

The November 12 note purportedly came from Farnaz Fassihi, a veteran Iranian-American journalist who covers the Middle East. Yet it read more like a fan letter, asking Kasraie to share his "important achievements" to "motivate the youth of our beloved country."

You may be interested in

Mobiles Tablets Laptops
Apple iPhone 15 Pro Max
  • Black Titanium
  • 8 GB RAM
  • 256 GB Storage
₹156,900
Check details
28% OFF
Samsung Galaxy S23 Ultra 5G
  • Green
  • 12 GB RAM
  • 256 GB Storage
₹107,999₹149,999
Buy now
Google Pixel 8 Pro
  • Obsidian
  • 12 GB RAM
  • 128 GB Storage
₹106,998
Check details
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
₹87,900
Check details
21% OFF
Acer Swift Go SFG14 41 NX KG3SI 002 Laptop
  • Pure Silver
  • 8 GB RAM
  • 512 GB SSD
₹58,990₹74,999
Buy now
41% OFF
Acer Aspire 5 A515 57G Laptop
  • Gray
  • 16 GB RAM
  • 512 GB SSD
₹52,990₹89,999
Buy now
41% OFF
Acer Aspire 3 A315 24 NX KDESI 004 Laptop
  • Silver
  • 8 GB RAM
  • 512 GB SSD
₹34,490₹57,999
Buy now
40% OFF
Asus VivoBook 15 X515JA BQ322WS Laptop
  • Transparent Silver
  • 8 GB RAM
  • 512 GB SSD
₹31,350₹51,990
Buy now
35% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹25,999₹39,999
Buy now
55% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹20,999₹47,000
Buy now
32% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹19,668₹28,999
Buy now
Honor Pad X9
  • Gray
  • 4 GB RAM
  • 128 GB Storage
₹16,998
Check details

"This interview is a great honor for me," the note gushed.

Also read: Looking for a smartphone? To check mobile finder click here.

Another red flag was the follow-up email that instructed Kasraie to enter his Google password to see the interview questions.

The phony request was in reality an attempt to break into Kasraie's email account. The incident is part of a wider effort to impersonate journalists in hacking attempts that three cybersecurity firms said they have tied to the Iranian government, which rejected the claim. The incidents come to light at a time when the US government has warned of Iranian cyber threats in the wake of the US air strike that killed Iran's second most powerful official, Major-General Qassem Soleimani.

In a report here published Wednesday, London-based cybersecurity company Certfa tied the impersonation of Fassihi to a hacking group nicknamed Charming Kitten, which has long been associated with Iran. Israeli firm ClearSky Cyber Security provided Reuters with documentation of similar impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality.

Iran denies operating or supporting any hacking operation. Alireza Miryousefi, the spokesman for the Islamic Republic's mission to the United Nations, said that firms claiming otherwise "are merely participants in the disinformation campaign against Iran."

Also Read: Hackers are selling data of 30 million payment cards on dark web

Reuters uncovered similar hacking attempts on two other targets, which the two cybersecurity firms, along with a third firm, Atlanta-based Secureworks, said also appeared to be the work of Charming Kitten. Azadeh Shafiee, an anchor for London-based satellite broadcaster Iran International, was impersonated by hackers in attempts to break into the accounts of a relative of hers in London and Prague-based Iranian filmmaker Hassan Sarbakhshian.

Sarbakhshian - who fled the Islamic Republic amid a crackdown that saw the arrest of several fellow photojournalists in 2009 - was also targeted with an email that claimed to be from Fassihi. The message asked him to sign a contract to sell some of his pictures to The Wall Street Journal. Sarbakhshian said in an interview that he was suspicious of the message and didn't respond.

Neither did the ruse fool Kasraie, an academic who frequently appears on television criticizing Iran's government.

"I understood 100 percent that it was a trap," he said in an interview.

That's not surprising given the hackers' sloppy tactics. For instance, they missed the fact that Fassihi had left the Journal last year for a new job at The New York Times.

The Journal declined to comment. Fassihi referred questions to The Times, which in a statement called the impersonation "a vivid example of the challenges journalists are facing around the globe."

Also Read: Saudi hackers deface social media accounts of NFL and 15 of its teams

US officials and cybersecurity experts see Iran as a digital threat. Earlier this month, the U.S. Department of Homeland Security and the Federal Bureau of Investigation (FBI) issued alerts about the threat of Iranian cyberattacks following the controversial US attack that killed Soleimani. Microsoft, which tracks attempts to undermine election security, in October accused Charming Kitten of targeting a US presidential campaign; sources told Reuters at the time that the campaign was Donald Trump's.

Homeland Security and FBI spokespeople declined to comment on the recent impersonations identified by Reuters. Certfa, ClearSky, and Secureworks said they could be tied to Charming Kitten through a study of the tactics, targets, and digital infrastructure involved - including servers, link shortening services, and domain registration patterns.

"This activity does align with prior Iranian cyber operations," said Allison Wikoff, a Secureworks researcher who has tracked Charming Kitten for years.

In early 2019, the United States indicted Behzad Mesri - who ClearSky has linked to Charming Kitten through emails and social media activity - on charges of recruiting a former U.S. Air Force intelligence officer to spy on behalf of Iran. Mesri remains at large and could not be reached for comment.

Other impersonated journalists included CNN national security analyst Samantha Vinograd, whose identity was stolen in August and used in attempts to break into email accounts in Israel, ClearSky said. Another was Michael Hartlep, a Berlin-based videojournalist who has done freelance assignments for Deutsche Welle and Reuters. ClearSky found his name on an email inviting recipients to a bogus Deutsche Welle webinar on Iran's role in the Middle East. The firm did not find evidence that the Reuters name was used in hacking attempts.

In another case, the hackers appear to have invented a journalist - "Keyarash Navidpour" - to send out a phony invitation on Jan. 4 to an online seminar that it claimed Deutsche Welle would hold about the killing of Soleimani the day before. No such journalist works for Deutsche Welle, said the news organization's spokesman Christoph Jumpelt.

Vinograd referred questions to CNN, which did not return messages seeking comment. Hartlep told Reuters he worried such stunts might give sources second thoughts about answering a reporter's queries.

"If this becomes the usual way of tricking people," he said, "definitely it makes our work very hard."

Reporting by Raphael Satter and Christopher Bing in Washington; Additional reporting by Michelle Nichols in New York and Parisa Hafezi in London; Editing by Chris Sanders and Brian Thevenot

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on ,Twitter, Facebook, , and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 05 Feb, 19:57 IST

Sale

Mobiles Tablets Laptops
4% OFF
Samsung Galaxy S24 Ultra
  • Titanium Black
  • 12 GB RAM
  • 256 GB Storage
₹129,999₹134,999
Buy now
13% OFF
Xiaomi 14
  • Matte Black
  • 12 GB RAM
  • 512 GB Storage
₹69,999₹79,999
Buy now
10% OFF
Apple iPhone 15 Plus
  • Black
  • 6 GB RAM
  • 128 GB Storage
₹72,200₹79,900
Buy now
12% OFF
IQOO 12 5G
  • Legend
  • 12 GB RAM
  • 256 GB Storage
₹52,999₹59,999
Buy now
35% OFF
Xiaomi Pad 6
  • Mist Blue
  • 6 GB RAM
  • 128 GB Storage
₹25,998₹39,999
Buy now
38% OFF
Lenovo Tab M10 5G
  • Abyss Blue
  • 6 GB RAM
  • 128 GB Storage
₹20,999₹34,000
Buy now
38% OFF
Realme Pad 2
  • Imagination Grey
  • 6 GB RAM
  • 128 GB Storage
₹17,999₹28,999
Buy now
57% OFF
Honor Pad X8
  • Blue Hour
  • 3 GB RAM
  • 32 GB Storage
₹8,999₹20,999
Buy now
29% OFF
Asus ROG Flow X13 GV301RE LI201WS Laptop
  • Off Black
  • 32 GB RAM
  • 1 TB SSD
₹89,789₹125,989
Buy now
39% OFF
Asus ROG Zephyrus G14 GA401QH HZ076TS Laptop
  • Black
  • 8 GB RAM
  • 1 TB SSD
₹94,990₹155,990
Buy now
31% OFF
Asus ROG Zephyrus G14 GA401QC HZ094TS Laptop
  • Grey
  • 16 GB RAM
  • 1 TB SSD
₹94,999₹137,990
Buy now
27% OFF
Asus TUF Gaming F15 FX506HC HN089WS Laptop
  • Graphite Black
  • 8 GB RAM
  • 512 GB SSD
₹60,990₹82,990
Buy now