Iran Targets Kurds With Spyware

A security firm has discovered that Iran is using spyware to target Iranian Kurds and other Iranian citizens in a surveillance operation called ‘Domestic Kitten.’ The security company Check Point has collected evidence that Iran has been using the program in coordinated attacks since 2016.

“Recent investigations by Check Point researchers reveal an extensive and targeted attack that has been taking place since 2016 and, until now, has remained under the radar due to the artful deception of its attackers towards their targets,” Check Point said in a statement.

“Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them,” the security firm said.

These targets include Kurdish and Turkish natives and supporters of the Islamic State (IS) group. “Most interesting of all, though, is that all these targets are actually Iranian citizens,” the security firm asserted.

According to Check Point, victims are first lured into downloading applications that are believed to be of interest to them.
The applications Check Point researchers discovered included an IS-branded wallpaper changer, “updates” from the pro-Kurdish ANF news agency, and a fake version of the messaging app Vidogram.

The malware collects data including contact lists stored on the victim’s mobile device, phone call records, SMS messages, browser history and bookmarks, geo-location of the victim, photos, surrounding voice recordings and more, Check Point stated.

A senior member of one of the main Iranian Kurdish opposition parties confirmed the Iranian state is targeting Kurds online with spyware.

“We have seen an increase in Iranian use of spyware, especially on messaging services like Telegram and Viber. Iran also inserts spyware into different files on websites it has dedicated to writing about the Kurdish political parties,” Loghman H. Ahmedi, a senior member of the Democratic Party of Iranian Kurdistan’s (PDKI) leadership, told Kurdistan 24.

“People who are curious tend to download and forward these files and in doing so, compromise their mobile phones and computers. We have strict procedures regarding the use of smartphones and urge people not to download files or open messages even if it is from friends or family,” he added.

“But due to the lack of security software, it has proven hard to completely protect ourselves from this type of espionage,” he said.

Apart from spyware, Iran is also increasing the number of fake social media accounts that write in English, the official said. 

“These accounts tend to be activated every time Iran commits some form of violence against the Kurdish people, or if Iran is put under pressure by the international community, and they often use the same line of arguments that Iranian lobbyists in the US and Europe do,” he said. 

“It seems to be coordinated with the lobbyists, especially with individuals linked to the NIAC [National Iranian American Council] in the US and members of different leftist organizations in Europe,” he concluded.

The spike in Iranian spy activities could be related to the increasing unrest in Iranian Kurdistan and clashes between Iranian Kurdish opposition groups and the Islamic Revolutionary Guard Corps. Recently, Iran launched seven missiles at the headquarters of parties in opposition to the Islamic Regime, killing 15 and injuring 42. Moreover, Iran has also recently executed six Kurdish political prisoners.

Kurdistan24
