Microsoft’s Digital Threat Analysis Center (DTAC) has attributed a recent cyber attack against the French satirical newspaper Charlie Hebdo to the Iranian government-backed organisation Emennet Pasargad.

Retaliation to a competition

In December 2022, the French magazine announced a competition (called #MULLAHSGETOUT) for cartoons “ridiculing” Iranian Supreme Leader Ali Khamenei.

The winning cartoons would then be published in the magazine in early January — marking the eight-year anniversary of the mass shooting inside Charlie Hebdo’s Paris office by two Muslim terrorist brothers that left 12 people dead and 11 others injured.

A 10th January article titled “Mullah attacks”, posted on the Charlie Hebdo website, explains that the website was briefly shut down by an attack launched in response to the printing of the competition entries.

It now looks likely that the DDoS was a smokescreen for a breach, since announced, that resulted in the theft of a customer database of over 230,000 subscribers containing names, addresses, phone numbers, and financial information.

In addition to the database, a series of Charlie Hebdo files is also included in the sale.

The database is on sale on dark web markets for 20 BTC, which is approximately US$470,000 at the time of writing.

A previously unknown cyber crime group called “Holy Souls” is offering the database. DTAC has linked Holy Souls to the hacking group known as Neptunium, which is actually the U.S.-sanctioned cyber security company Emennet Pasargad.

breached.vc – Charlie Hebdo data-dump for sale.

Emennet Pasargad

Emennet Pasargad is under sanctions by the US for an attempted election influence campaign targeting the 2020 U.S. presidential election.

Rewardsforjustice.net is offering a reward of up to US$10M for information leading to the identification or location of any foreign person, including a foreign entity, who knowingly engaged or is engaging in interference in U.S. elections, as well as information leading to the prevention, frustration, or favorable resolution of an act of foreign election interference.

Rewardsforjustice – $10M offer for Emennet Pasargad

Disinformation campaigns

Neptunium has been under scrutiny for a while by Microsoft and others, who say that one of the tactics used by the hackers is to bombard social media with fake posts.

Microsoft researchers concluded that Emennet Pasargad was responsible for the breach “based on a larger set of intelligence” as well as an analysis of the open source technical, behavioral and contextual evidence.

Shortly after Holy Souls posted the leak it was amplified “by a concerted operation across several social media platforms,” the researchers said, which made use of a set of tactics previously witnessed in Iranian-aligned influence operations.

Clint Watts, General Manager of Microsoft’s DTAC, said:

“Crucially, before there had been any substantial reporting on the purported cyber attack, these accounts posted identical screenshots of a defaced website that included the French-language message: ‘Charlie Hebdo a été piraté’ (‘Charlie Hebdo was hacked’).”

Clint Watts – General Manager – Microsoft DTAC

Fake Twitter account posting thanks for the Charlie Hebdo attack

The same fake tweet, translated to English

Twitter has suspended the fake account:

Twitter suspension of fake account