Iran’s dissident surveillance operation exposed

Using malware disguised as Android applications, Iranian hackers bypassed the encryption used by messaging apps and infiltrated targets’ supposedly secure mobile phones and computers. (File/AFP)

Updated 09 February 2021
  • The IRGC focuses on foreign dissidents, while the ministry focuses on Iranians at home

LONDON: Iran is running two surveillance operations in cyberspace, using various methods to spy on more than 1,000 dissidents, according to a leading cybersecurity company.

People in Iran, the UK, the US and 10 other countries have been tracked by Iranian hackers, Check Point said.

It added that two groups are involved in disseminating spyware among dissidents that is then used to monitor them and to steal call recordings and other media.

One of the groups, Domestic Kitten, uses various lures to trick people into installing malicious software on their phones.

For example, the group mimics apps for Tehran-based restaurants, offers fake mobile-security apps or distributes local news through a compromised app. In one case, it supplied an infected wallpaper app that also contained pro-Daesh imagery.

Check Point said Tehran has achieved at least 600 successful infections using these methods.

The other group involved in the hacking scandal, Infy, is known to have been operating as early as 2007, and has targeted people’s computers by sending emails with enticing content and an attachment containing spyware.

The Infy campaign, according to Check Point, is one of Iran’s most sophisticated campaigns yet.

“It is clear that the Iranian government is investing significant resources into cyber operations,” said Check Point cyber-research head Yaniv Balmas.

“The operators of these Iranian cyber-espionage campaigns seem to be completely unaffected by any counter-activities done by others, even though both campaigns had been revealed and even stopped in the past. They have simply restarted.”

Amin Sabeti, executive director at the Washington-based Digital Impact Lab, told Arab News that once Iranian operatives break into dissidents’ devices, their priority is finding out who these people are speaking to in Iran.

“They want to find the network of people, especially those outside the country, and figure out what they’re talking about and who they’re talking to — then they arrest them,” he said.

Sabeti added, however, that Iran is not a top-tier cyber threat. “It can’t compete with Russia or China,” he said.

What Tehran’s cyber agencies excel at is what Sabeti called the “social engineering” side of hacking.

“In terms of the technology they aren’t that sophisticated, but in implementation they’re excellent,” he said.

“They understand their target perfectly — they study them and figure out what they want, and compromise them from there.”

The Intelligence Ministry and the Islamic Revolutionary Guard Corps (IRGC), Sabeti said, each run their own distinct cyber entities with different targets. The IRGC focuses on foreign dissidents, while the ministry focuses on Iranians at home.

The work of the various security agencies often overlaps, and the end result, he said, is an interconnected system of spying that “looks like it was taken from the Soviet Union’s playbook.”
