A month after the mysterious hacking of the satirical weekly Charlie Hebdo, Microsoft’s digital threat analysis center has just attributed this intrusion to a group, Emennet Pasagard, linked to the Iranian state. “We believe that this attack is the Iranian government’s response to the cartoon contest organized by Charlie Hebdo,” the American publisher said.
Microsoft is referring here to the media’s call for contributions launched in December aimed at ridiculing the “Supreme Leader of the Islamic Republic of Iran”, a “religious leader from another age”. A competition intended to support “the struggle of Iranians who are fighting for their freedom”, specified the weekly.
Similar procedure
If the American publisher explains that its attribution is based on a “broader” set of information, therefore not all public, the argument of its security team is centered on the way in which this attack was publicized. Microsoft notes that the communication around the hack is similar to previous influence operations carried out after computer attacks by actors linked to Iran.
Le Monde had, for example, pointed to the very vague profile of the hacker who claimed the operation, supported by a nebulous galaxy of accounts. Microsoft also notes this support for fake social accounts, one of which usurps the identity of one of the newspaper’s executives, obviously created to relay the attack.
Either a pattern “typical of operations sponsored by the Iranian state”, summarizes Microsoft. And to recall that for the FBI, the American federal investigation service, this kind of maneuver is intended to undermine public confidence in the security of the targeted organization.
High selling price
The computer attack had been claimed on the Breached data leak forum by a mysterious new user, Holysouls. The price of selling the personal information of 230,000 media customers and internal documents to the magazine, twenty bitcoins, or more than 400,000 euros at the current rate, was surprising. This kind of data leak usually trades at much lower rates.
Beyond the Charlie Hebdo hack, the Emennet Pasagard group is accused by the FBI of having attempted to interfere in the 2020 US presidential campaign. It is also suspected of having carried out an attack under the false flag of the “Yemen Cyber Army”, an operation targeting Saudi Arabia, or having attacked targets in Israel.
But the group would also carry out more traditional malicious actions targeting the hotel, telecommunications, finance and even the oil industry sectors. So many feats of arms that prompted the US administration to offer a large reward, up to 10 million dollars, for any information of interest.