In this email scam, Iran-linked hackers pose as journalists

Shutterstock

Reuters today published a report about an email hacking operation targeting journalists and their connected sources, and the scam appears to be associated with Iran.

The scam is this: send cleverly disguised emails that impersonate prominent journalists, in an effort to get the recipient to give up valuable data and access.

Here is an example.

IMAGE: Screenshot by researchers at the London-based Certfa Lab shows a bogus, Farsi-language interview request that appears to have been sent by journalist Farnaz Fassihi. The message was one of several malicious emails sent in the name of real journalists working for CNN, Deutsche Welle, and others. The reporters had nothing to do with the messages, which Certfa says were sent by Iran-linked hacking group 'Charming Kitten'. [Certfa/Handout via REUTERS]


“The incidents come to light at a time when the U.S. government has warned of Iranian cyber threats in the wake of the U.S. air strike that killed Iran’s second most powerful official, Major-General Qassem Soleimani,” report Raphael Satter and Christopher Bing at Reuters:

In a report published Wednesday, London-based cybersecurity company Certfa tied the impersonation of Fassihi to a hacking group nicknamed Charming Kitten, which has long been associated with Iran. Israeli firm ClearSky Cyber Security provided Reuters with documentation of similar impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality.

Iran denies operating or supporting any hacking operation. Alireza Miryousefi, the spokesman for the Islamic Republic’s mission to the United Nations, said that firms claiming otherwise “are merely participants in the disinformation campaign against Iran.”

Reuters uncovered similar hacking attempts on two other targets, which the two cybersecurity firms, along with a third firm, Atlanta-based Secureworks, said also appeared to be the work of Charming Kitten. Azadeh Shafiee, an anchor for London-based satellite broadcaster Iran International, was impersonated by hackers in attempts to break into the accounts of a relative of hers in London and Prague-based Iranian filmmaker Hassan Sarbakhshian.

Read more:Exclusive: Iran-linked hackers pose as journalists in email scam
[reuters.com, Raphael Satter, Christopher Bing]