Iranian Hackers Attack State Dept. via Social Media Accounts

Iran launched sophisticated computer espionages leading to a series of cyberattacks against US State Department officials over the past month.

It is possible that cyberespionage is becoming the tool of seeking the type of influence that Iranian hardliners hoped that that country’s nuclear program will eventually provide.

According to diplomatic and law enforcement officials who are familiar with the investigation Iranian hackers over the past month identified individual State Department officials who focus on Iran and the Middle East and broke into their email and social media accounts. The State Department became aware of the compromises when Facebook told the victims that the state-sponsored hackers compromised their accounts.

Iran’s cyberskills are not yet equal to those of Russia or China but the attack against the State Department by using the social media accounts of young government employees to gain access to their friends across the administration is a focus that was not seen before.

Iranians have been less destructive than they could be, but they are getting far more aggressive in cyberespionage, which they know is less likely it will prompt a response from the United States.

Iranian hackers have been responsible for a series of powerful attacks against American banks that took their websites offline as well as a destructive attack on Saudi Aramco, the world’s largest oil producer, that replaced data on employee machines with an image of a burning American flag. American government officials also blame Iran for a similarly destructive attack at RasGas, the Qatari natural gas giant,and for an attack on Sands Casino in Las Vegas, where a large number of computers were destroyed.

Last year Iranians began using cyberattacks for espionage rather than for destruction and disruption. From May 2014 Iranian hackers were targeting Iranian dissidents and later policy makers,senior military personnel and defense contractors in the United States, England and Israel.

The attacks were basic “spear phishing” attempts, in which attackers tried to lure their victims to click on a malicious link, in this case by impersonating members of the news media.
Iranian hackers were successful in more than a quarter of their attempts. The number of such attacks reached its climax in May just ahead of the nuclear talks in Vienna in July and reached more than 1,500 attempts.

In the months before the talks, Iran’s hackers began probing critical infrastructure networks in what appeared reconnaissance for cyberattacks with the objective of causing physical damage but in June and July as American and Iranian negotiators gathered in Vienna to agree a deal on Iran’s nuclear program, attacks against targets in the United States stopped. Instead of this, Iran started targeting victims in Israel as well as members of Daesh in July as the militant group began expanding territory across Iraq.

Then in August just two weeks after the nuclear accord was reached, the trickle of cyberattacks against the group’s usual targets resumed against included 1600 individuals from scholars, scientists, chief executives and ministry officials to education institutes, journalists and human rights activists. If facebook last month had not decided to use a new alert system to notify users when facebook’s security team believed state-sponsored hackers had hijacked their accounts, and US State Department officials began to see a troubling new message pop up on their facebook accounts, it is possible that the victims didn’t learn of the compromises.