Hackers in Iran target foreign nuclear experts and US officials
Iranian-backed hackers scrambled to break into the personal emails of US Treasury officials after harsh economic sanctions were placed on Tehran last month, a cyber security group said.
The hacking group, named Charming Kitten, also targeted foreign nuclear experts in data tracked by Certfa analysts in the UK.
Hacking has long been a feature of the tense relationship between the US and Iran. The most recent attack took aim at nuclear deal defenders and detractors, Arab atomic scientists, Iranian civil society figures and Washington think tank employees.
US President Donald Trump renewed sanctions on Iran’s energy, shipping, shipbuilding and financial sectors last month.
“Presumably, some of this is about figuring out what is going on with sanctions,” said Frederick Kagan, a scholar at the American Enterprise Institute, who was also targeted in the attack.
The hit list surfaced after Charming Kitten accidentally left one of its servers open to the internet last month. Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers. The list provides insight into Tehran’s espionage priorities.
“The targets are very specific,” Certfa researcher Nariman Gharib said.
Certfa tied the hackers to the Iranian government, a judgment drawn in part on operational blunders, including a couple of cases where the hackers appeared to have accidentally revealed that they were operating from computers in Iran. The assessment was backed by others who tracked Charming Kitten.
Allison Wikoff, an online security researcher, recognised some of the digital infrastructure in Certfa’s report and said the hackers’ past operations left little doubt they were statebacked. “It’s fairly clear cut,” she said.
Mr Kagan said most signs
pointed to a serious, government-backed operation.
“It doesn’t look like freelancers,” he said.
Iran previously denied responsibility for hacking operations. The most striking among the targets were the nuclear officials – a scientist working on a civilian nuclear project for Pakistan’s defence ministry, a senior operator at the Jordan Research and Training Reactor and a high-ranking researcher at the Atomic Energy Commission of Syria.
Others on the list – such as Guy Roberts, the US Assistant Secretary of Defence for Nuclear, Chemical, and Biological Defence Programmes – pointed to the hackers’ eagerness to keep track of officials responsible for overseeing America’s nuclear arsenal. “This is something I’ve been worried about,” Mr Roberts said when told he was on the list. More targets are connected to the Iran deal.
Andrew J Grotto, whose tenure on the US National Security Council straddled the Obama and Trump administrations, has written about Iran’s nuclear ambitions. Jarrett Blanc, a US State Department official involved in the implementation of the nuclear deal under Mr Obama, was also on the list. He said the news came as no shock.
“I’d be very surprised if there were not Iranian groups trying to hack into my various email accounts,” he said.