Microsoft: Iran unit behind Charlie Hebdo hack-and-leak op

Feb 3, 2023, 8:12 AM | Updated: Feb 6, 2023, 12:08 pm
FILE - Iranian demonstrators set fire to French flags during their gathering to protest against the...

FILE - Iranian demonstrators set fire to French flags during their gathering to protest against the publication of offensive caricatures of the Iranian Supreme Leader Ayatollah Ali Khamenei in the French satirical magazine Charlie Hebdo, in front of the French Embassy in Tehran, Iran, Sunday, Jan. 8, 2023. After the French satirical magazine Charlie Hebdo's launched a cartoon contest to mock Iran's ruling cleric, a state-backed Iranian cyber unit struck back in early January with a hack-and-leak campaign intent on striking fear with the claimed pilfering of a big subscriber database, Microsoft security researchers say. (AP Photo/Vahid Salemi, File)

(AP Photo/Vahid Salemi, File)

After the French satirical magazine Charlie Hebdo launched a cartoon contest to mock Iran’s ruling cleric, a state-backed Iranian cyber unit struck back with a hack-and-leak campaign that was designed to provoke fear with the claimed pilfering of a big subscriber database, Microsoft security researchers say.

The FBI blames the same Iranian cyber operators, Emennet Pasargad, for an influence operation that sought to interfere in the 2020 U.S. presidential election, the tech giant said in a blog published Friday. Iran has in recent years stepped up false-flag cyber operations as a tool for discrediting foes.

Calling itself “Holy Souls” and posing as hacktivists, the group claimed in early January to have obtained personal information on 200,000 subscribers and Charlie Hebdo merchandise buyers, according to Microsoft’s Digital Threat Analysis Center.

As proof of the data theft, “Holy Souls” released a 200-record sample with names, phone numbers and home and email addresses of Charlie Hebdo subscribers that “could put the magazine’s subscribers at risk for online or physical targeting” by extremists. The group then advertised the supposed complete data cache on several dark web sites for $340,000.

Microsoft said it did not know whether anyone purchased the cache.

A representative for Charlie Hebdo said Friday that the newspaper would not comment on the Microsoft research. Iran’s mission to the United Nations did not immediately respond to a request for comment Friday.

The Jan. 4 sample release coincided with the publication of Charlie Hebdo’s cartoon contest issue. Entrants were asked to draw offensive caricatures of Iran’s supreme leader, Ayatollah Ali Khamenei.

The French newspaper Le Monde verified multiple victims of the leak from the sample, Microsoft said. The Iranian cyber operators sought to boost news of the hack-and-leak operation — and fuel outrage at the cartoon edition — through fake French “sock-puppet” accounts on social media platforms that included Twitter, Microsoft said.

The operation coincided with verbal attacks by Tehran condemning Charlie Hebdo’s “insult.”

The provocatively irreverent magazine has a long history of publishing vulgar cartoons which critics consider deeply insulting to Muslims. Two French-born al-Qaida extremists attacked the newspaper’s office in 2015, killing 12 cartoonists, and it Charlie Hebdo has been the target of other attacks over the years.

The magazine billed the Khamenei caricature contest as a show of support for nationwide antigovernment protests that have convulsed Iran since the mid-September death of Mahsa Amini, a 22-year-old woman detained by Iran’s morality police for allegedly violating the country’s strict Islamic dress code.

After the cartoon issue was published, Iran shut down a decades-old French research institute. Last week, it announced sanctions targeting more than 30 European individuals and entities, including three senior Charlie Hebdo staffers. The sanctions are largely symbolic as they bar travel to Iran and allow its authorities to block bank accounts and confiscate property in Iran.

According to the FBI, Emennet Pasargad authored what amounted to a relatively ham-fisted campaign to interfere with the 2020 U.S. presidential election. The group obtained confidential U.S. voter information from at least one state election website and sent threatening email messages to intimidate voters posing as the far-right group Proud Boys, the FBI says.

Emennet Pasargad has also, since 2018, conducted cyber-operations targeting news, shipping, airlines, oil and petrochemical, financial, and telecommunications, in the U.S., Europe, and the Middle East, the FBI says. The U.S. newspaper chain Lee Enterprises was among the suspected targets, according to the Council on Foreign Relations.

The group’s attacks since 2020 have primarily targeted Israel, the FBI says. They follow a pattern of intrusion, theft, data leak and then amplification through social media and online forums. In some cases destructive malware has been used.

Copyright © The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

AP

(Facebook Photo/City of San Luis, Arizona)...
Associated Press

San Luis authorities receive complaints about 911 calls going across border

Authorities in San Luis say they are receiving more complaints about 911 calls mistakenly going across the border.
4 days ago
(Pexels Photo)...
Associated Press

Daylight saving time begins in most of US this weekend

No time change is observed in Hawaii, most of Arizona, Puerto Rico, the U.S. Virgin Islands, American Samoa, Guam and the Northern Marianas.
12 days ago
Mexican army soldiers prepare a search mission for four U.S. citizens kidnapped by gunmen in Matamo...
Associated Press

How the 4 abducted Americans in Mexico were located

The anonymous tip that led Mexican authorities to a remote shack where four abducted Americans were held described armed men and blindfolds.
12 days ago
Tom Brundy points to a newly built irrigation canal on one of the fields at his farm Tuesday, Feb. ...
Associated Press

Southwest farmers reluctant to idle farmland to save water

There is a growing sense that fallowing will have to be part of the solution to the increasingly desperate drought in the West.
19 days ago
A young bison calf stands in a pond with its herd at Bull Hollow, Okla., on Sept. 27, 2022. The cal...
Associated Press

US aims to restore bison herds to Native American lands after near extinction

U.S. officials will work to restore more large bison herds to Native American lands under a Friday order from Interior Secretary Deb Haaland.
19 days ago
(Photo: OCD & Anxiety Treatment Center)...
Sponsored Content by OCD & Anxiety Treatment Center

Here's what you need to know about OCD and where to find help

It's fair to say that most people know what obsessive-compulsive spectrum disorders generally are, but there's a lot more information than meets the eye about a mental health diagnosis that affects about one in every 100 adults in the United States.

Sponsored Articles

(Photo: OCD & Anxiety Treatment Center)...

Here’s what you need to know about OCD and where to find help

It's fair to say that most people know what obsessive-compulsive spectrum disorders generally are, but there's a lot more information than meets the eye about a mental health diagnosis that affects about one in every 100 adults in the United States.
(Pexels Photo)...

Sports gambling can be fun for adults, but it’s a dangerous game for children

While adults may find that sports gambling is a way to enhance the experience with more than just fandom on the line, it can be a dangerous proposition if children get involved in the activity.
...
Quantum Fiber

How high-speed fiber internet edges out cable for everyday use

In a world where technology drives so much of our daily lives, a lack of high-speed internet can be a major issue.
Microsoft: Iran unit behind Charlie Hebdo hack-and-leak op