December 14, 2018
Hackers believed to be linked to Iran have organized an attack on US sanctions officials and nuclear scientists. The objective was to break into the private emails of the targeted scientists and officials. The report of the attack came from a UK-based cybersecurity group called Certfa.
According to Certfa researchers, the hacking group responsible for the attack was identified as Charming Kitten. The group’s hackers targeted over a dozen US Treasury officials who were instrumental in enforcing a nuclear deal between Tehran and Washington. Other targeted individuals include Arab atomic scientists, DC think tank employees, and Iran’s own civil society figures.
The attack was conducted last month, just after US President Donald Trump announced the re-imposition of economic sanctions on Iran. As for the hit list itself, it appeared after Charming Kitten accidentally left one of the group’s servers unsecured. Certfa’s researchers managed to locate the server, and after storming it, they ended up with around 77 email addresses, including Gmail and Yahoo addresses. The addresses belonged to targets of the attack, and researchers believe that this is only a fraction of the real list.
It is still not clear how many accounts were compromised during the attack. However, no matter the number, it is believed that they have gained an important insight into the espionage priorities of Tehran.
One of the American Enterprise Institute’s scholars, Frederick Kagan, believes that at least a part of the campaign was dedicated to uncovering what is happening with sanctions. Kagan, who has also written about Iranian cyberespionage, stated that the fact that nuclear experts are targeted is quite worrisome and alarming.
Certfa researcher Nariman Gharib confirmed this and also stated that the targets are quite specific. In a Thursday report, Certfa claimed that it managed to connect the hackers to Iran’s government, which was confirmed by others who have attempted to track the Charming Kitten group.
Targets make Iran’s interests clear
Back in 2015, former US President Barack Obama and his administration asked Tehran to stop uranium enrichment, and in return, the US would lift international sanctions. While the deal was made at the time, the current US President Donald Trump broke it in May, despite the US allies’ objections. The sanctions were quickly re-imposed, which is believed to have caused the attacks.
However, after obtaining the list of targets, it was noticed that several individuals who were found on the list had something in common — they were in charge of overseeing the nuclear arsenal of the US itself. One such individual was the US Assistant Secretary of Defence for Nuclear, Chemical, and Biological Defence Programs, Guy Roberts. Mr. Roberts commented on his presence on this list, stating that he has had concerns regarding the possibility of something like this occurring.
Another high-profile target of the hacking group was Andrew J. Grotto, who has written about the nuclear ambitions of Iran. Roberts, Grotto, and multiple other targets clearly indicate that Iran is largely interested in nuclear technology and administration. Another official with his name on the list, Jarrett Blanc, stated that this is no shock and that it would be far more surprising if Iranian hackers didn’t try to break into his email accounts.
The relationship between the US and Iran has always been an uneasy one, and hacking attacks have been present ever since hacking was invented. It is no secret that the US has interests in the Middle East, and Iran’s militant brand of Shia Islam has constantly been challenging those interests.
The US itself employed harsh measures to achieve its goals, and it is said that US and Israeli spies were the ones who created and deployed Stuxnet, a centrifuge-manipulating computer worm that infiltrated Iran’s uranium enrichment facilities in order to sabotage them. Iranian hackers were believed to have retaliated via a string of DDoS attacks that disrupted American banks.
The current campaign by Charming Kitten is, however, far less sophisticated, according to researchers. For now, it all comes down to a technique called phishing, which mostly relies on attempts to steal passwords and misuse them.