Spyware Campaign Targeted Iranian Kurdish Minority, ISIS Supporters
Revealed by information security firm Check Point, the campaign targeted Iranian citizens
Israel-based cybersecurity company Check Point Software Technologies Ltd. has announced it discovered a spyware campaign directed against Iranian Kurds, as well as Iranian ISIS supporters. Check Point stated that while the identity of the perpetrators behind the attack, ongoing since 2016, "remains unconfirmed," the company believes the campaign is "of Iranian origin," perhaps even directed by government entities.
According to Check Point, the perpetrators used fake decoy content—an ISIS themed app and a fake app for existing Kurdish news agency ANF—to trick users into downloading spyware to their mobile phones. Data collected included contact lists stored, phone call records, SMS messages, browser history and bookmarks, geolocation, photos, and voice recordings.
Check Point stated it believes around 240 people have fallen victim to the campaign so far, 97% of which Iranian citizens. Other victims are from Afghanistan, Iraq, and the U.K. The company stresses that the actual number of users who downloaded the apps may be much higher.
Last week, Israeli cybersecurity company ClearSky Cyber Security Ltd. announced it had identified three websites operated by Iranian entities that targeted Israeli users with "distorted" news. Called “Tel Aviv Times” one of the websites, operational since 2013, presented Hebrew-language stories pilfered from Israeli media but changed in critical places to support Iranian agenda.The websites were supported by 14 fake Facebook profiles and 11 fake Twitter accounts.