Recent reports exposed an Iranian affiliated cyber espionage group. The facts exposed revealed not only the fact that Iran has improved its spying methods and hackering abilities, but also that Iran is not that modest, as assumed to be, when it comes to spying. They may demand that their women cover their hair and body, from head to toe, but they seem to be quite flexible in the use of sexism when spying.
Reuters described the basic facts. Incidents reported by Tokyo based Trend Micro and a company called ClearSky, revealed attacks on victims by the use of fake Facebook pages, impersonation of popular technological brands or malicious word attachments. Although they do not use sophisticated technology, their methods were effective. The group nickname was copy-kittens or Rocket-kitten, and an affiliation with Iranian government infrastructure was established.
Other analysts and reports uncovered the more sexist and sinister methods. Darkreading revealed the use of phony female identities luring men for achieving the objective. A phony young female photographer convincing persona named Mia Ash was created, as the lure for the launching of attacks. She had phony LinkedIn, Facebook and blog accounts. The method was as follows: first create social media relationships, then send phishing emails to the targets. Reuters reporting on the same issue termed it a “honey-pot”, as they refer to the seduction methods – using attractive young female identities to seduce middle-aged men. Sometimes they even based themselves on a true figure, just stealing the figurehead.
Additional cyber espionage was enacted by groups called Cobalt Gypsy, Oil-Rig and ISMAgent. All affiliated with Iran. The “Cobalt Gypsy” group was apparently the operator of “Mia Ash”.
The reuters article quotes western security officials considering Iran to be “among the most sophisticated nation state cyber adversaries”.
Foreignpolicy in its piece entitled the Iranian cyberthreat is real is less subtle, and warns of a “devastating cyber attack from the Islamic Republic”. They describe the use of contrived news items and hijacked news websites in order to instill political mistrust, to drive political change- This is a field of “cyber-operations to manipulate information”. They summarize that Iran’s evolution in the cyber field has been rapid, and “Iran is capable of causing a lot of havoc through cyber-space”. They conclude that “the Gulf is ripe for exploitation”.
Well, to their credit, the media seems to have picked up on this issue. Apparently, the Iranian threat now transcends territory acquired in Syria and Iraq. It crosses physical boundaries. It has reached the cyber-space unending universe.