Iran Targets Kurds With Spyware

A security firm has discovered that Iran is using spyware to target Iranian Kurds and other Iranian citizens in a surveillance operation called ‘Domestic Kitten.’ The security company Check Point has collected evidence that Iran has been using the program in coordinated attacks since 2016.

“Recent investigations by Check Point researchers reveal an extensive and targeted attack that has been taking place since 2016 and, until now, has remained under the radar due to the artful deception of its attackers towards their targets,” Check Point said in a statement.

“Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them,” the security firm said.

These targets include Kurdish and Turkish natives and supporters of the Islamic State (IS) group. “Most interesting of all, though, is that all these targets are actually Iranian citizens,” the security firm asserted.

According to Check Point, victims are first lured into downloading applications that are believed to be of interest to them. The applications Check Point researchers discovered included an IS-branded wallpaper changer, “updates” from the pro-Kurdish ANF news agency, and a fake version of the messaging app Vidogram.

The malware collects data including contact lists stored on the victim’s mobile device, phone call records, SMS messages, browser history and bookmarks, geo-location of the victim, photos, surrounding voice recordings and more, Check Point stated.

A senior member of one of the main Iranian Kurdish opposition parties confirmed the Iranian state is targeting Kurds online with spyware.

“We have seen an increase in Iranian use of spyware, especially on messaging services like Telegram and Viber. Iran also inserts spyware into different files on websites it has dedicated to writing about the Kurdish political parties,” Loghman H. Ahmedi, a senior member of the Democratic Party of Iranian Kurdistan’s (PDKI) leadership, told Kurdistan 24.

“People who are curious tend to download and forward these files and in doing so, compromise their mobile phones and computers. We have strict procedures regarding the use of smartphones and urge people not to download files or open messages even if they are from friends or family,” he added.

“But due to the lack of security software, it has proven hard to completely protect ourselves from this type of espionage,” he said.

Apart from spyware, Iran is also increasing the number of fake social media accounts that write in English, the official said. 

“These accounts tend to be activated every time Iran commits some form of violence against the Kurdish people, or if Iran is put under pressure by the international community, and they often use the same line of arguments that Iranian lobbyists in the US and Europe do,” he said. 

“It seems to be coordinated with the lobbyists, especially with individuals linked to the NIAC [National Iranian American Council] in the US and members of different leftist organizations in Europe,” he concluded.

The spike in Iranian spy activities could be related to the increasing unrest in Iranian Kurdistan and clashes between Iranian Kurdish opposition groups and the Islamic Revolutionary Guard Corps. Recently, Iran launched seven missiles at the headquarters of parties in opposition to the Islamic Regime, killing 15 and injuring 42. Moreover, Iran has also recently executed six Kurdish political prisoners.

Kurdistan24
