An Iranian nation-state group sanctioned by the U.S. government has been linked to the hack of the French satirical magazine Charlie Hebdo in early January 2023.
Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker NEPTUNIUM, which is an Iran-based company also referred to as Emennet Pasargad.
In January 2022, the U.S. Federal Bureau of Investigation (FBI) tied the state-backed cyber unit to a sophisticated influence campaign carried out to interfere with the 2020 presidential elections. Two Iranian nationals were accused over their role in the disinformation and threat campaign.
Microsoft’s disclosure comes after a “hacktivist” group named Holy Souls (now identified as NEPTUNIUM) claimed to be in possession of the personal information of more than 200,000 Charlie Hebdo customers, including their full names, telephone numbers, and home and email addresses.
The breach, which allowed NEPTUNIUM to gain access to an internal database, is suspected to have been orchestrated as retaliation against the publication for holding a cartoon contest “ridiculing” Iranian Supreme Leader Ali Khamenei.
The release of the full cache of stolen data could lead to mass doxing, Redmond further cautioned.
“After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms,” the Windows maker’s Digital Threat Analysis Center (DTAC) said.
“This amplification effort made use of a particular set of influence tactics, techniques, and procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations.”
The points of similarity include the use of false-flag personas to conduct their hack-and-leak operations, inauthentic sockpuppet accounts, and the impersonation of authoritative sources, corroborating an October 2022 advisory from the FBI.
The goal, the FBI assessed, is to “undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries.”
“These hack-and-leak campaigns involve a combination of hacking / theft of data and information operations that impact victims via financial losses and reputational damage,” the agency added.