Iranian Hackers Impersonate Israeli Recruitment Firm in Espionage Scheme
A hacking group associated with the Iranian Revolutionary Guard’s intelligence apparatus operated a fake recruitment business to ensnare national security officials from Iran, Syria, and Lebanon into a cyber espionage scheme, according to a recent investigation by US-based cybersecurity firm Mandiant, a division of Alphabet’s Google Cloud.
Researchers linked the hackers to APT42, otherwise known as Charming Kitten, which has been implicated in cyberattacks, including the recent hack of Republican nominee Donald Trump’s US presidential campaign. The operation, which began at least in 2017, involved fabricating evidence to suggest that Israelis, either through Israel’s intelligence agency Mossad or a private contractor, were actively controlling it.
This holiday season, give to:
Truth and understanding
The Media Line's intrepid correspondents are in Israel, Gaza, Lebanon, Syria and Pakistan providing first-person reporting.
They all said they cover it.
We see it.
We report with just one agenda: the truth.
Analysts believe this impersonation aimed to identify individuals in the Middle East willing to share secrets with Israel and its Western allies, such as the US focusing on military and intelligence personnel connected to Iran’s allies. “The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran’s perceived adversarial countries,” the Mandiant report stated.
The hackers used a network of websites mimicking human resources firms, operating under names such as VIP Human Solutions and Optima HR and targeted Farsi-speaking individuals for recruitment under false pretenses.
“VIP Recruitment, a center for recruiting respected military personnel into the army, security services, and intelligence from Syria and Hezbollah, Lebanon,” the website read. “Join us to help each other impact the world. Our duty is to protect your privacy.”
