Iran Targets Kurds With Spyware

A security firm has discovered that Iran is using spyware to target Iranian Kurds and other Iranian citizens in a surveillance operation called ‘Domestic Kitten.’ The security company Check Point has collected evidence that Iran has been using the program in coordinated attacks since 2016.

“Recent investigations by Check Point researchers reveal an extensive and targeted attack that has been taking place since 2016 and, until now, has remained under the radar due to the artful deception of its attackers towards their targets,” Check Point said in a statement.

“Through the use of mobile applications, those behind the attack use fake decoy content to entice their victims to download such applications, which are in fact loaded with spyware, to then collect sensitive information about them,” the security firm said.

These targets include Kurdish and Turkish natives and supporters of the Islamic State (IS) group. “Most interesting of all, though, is that all these targets are actually Iranian citizens,” the security firm asserted.

According to Check Point, victims are first lured into downloading applications that are believed to be of interest to them.
The applications Check Point researchers discovered included an IS-branded wallpaper changer, “updates” from the pro-Kurdish ANF news agency, and a fake version of the messaging app Vidogram.

The malware collects data including contact lists stored on the victim’s mobile device, phone call records, SMS messages, browser history and bookmarks, geo-location of the victim, photos, surrounding voice recordings and more, Check Point stated.

A senior member of one of the main Iranian Kurdish opposition parties confirmed the Iranian state is targeting Kurds online with spyware.

“We have seen an increase in Iranian use of spyware, especially on messaging services like Telegram and Viber. Iran also inserts spyware into different files on websites it has dedicated to write about the Kurdish political parties,” Loghman H. Ahmedi, a senior member of the Democratic Party of Iranian Kurdistan’s (PDKI) leadership, told Kurdistan 24.

“People who are curious tend to download and forward these files and in doing so, compromise their mobile phones and computers. We have strict procedures regarding the use of smartphones and urge people not to download files or open messages even if it is from friends or family,” he added.

“But due to the lack of security software, it has proven hard to completely protect ourselves from this type of espionage,” he said.

Apart from spyware, Iran is also increasing the number of fake social media accounts that write in English, the official said. 

“These accounts tend to be activated every time Iran commits some form of violence against the Kurdish people, or if Iran is put under pressure by the international community, and they often use the same line of arguments that Iranian lobbyists in the US and Europe do,” he said. 

“It seems to be coordinated with the lobbyists, especially with individuals linked to the NIAC [National Iranian American Council] in the US and members of different leftist organizations in Europe,” he concluded.

The spike in Iranian spy activities could be related to the increasing unrest in Iranian Kurdistan and clashes between Iranian Kurdish opposition groups and the Islamic Revolutionary Guard Corps. Recently, Iran launched seven missiles at the headquarters of parties in opposition to the Islamic Regime, killing 15 and injuring 42. Moreover, Iran has also recently executed six Kurdish political prisoners.

Kurdistan24
