The Iranian-backed hackers who stole personal data on Australian politicians last month also attacked the UK Parliament in 2017, according to new research from a cyber security firm that reveals Iran’s campaign of cyber espionage against its enemies.
Los Angeles-based Resecurity said that the hack of the Australian Parliament on February 8 “is a part of a multi-year cyber espionage campaign” by an Iranian-backed hacking group they call Iridium.
Charles Yoo, the president of Resecurity, said: “This actor targets sensitive government, diplomatic and military resources.”
While Australia has not officially named Iran as the source of the attack, the Wall Street Journal has already highlighted the Iran connection between attacks on the Five Eyes intelligence alliance comprising the US, Canada, the UK, Australia and New Zealand. The BBC has previously said that the 2017 British parliament attack was carried out by Iran, but this is the first time the two have been connected.
How the hack worked
The Iranian hackers used brute force attacks to guess the passwords of the lawmakers in Australia and the UK that they wanted to target. After guessing the correct passwords, hackers gained an incredible amount of data, including names, email addresses, birthdates, and more, on the politicians and their staff.
In the attack on the UK parliament, the email accounts of 90 Members of Parliament were compromised, as well as a database belonging to the Liberal Democratic Party of London.
Resecurity managed to obtain some of the data stolen in the hacks.
Yoo said: “We don’t believe they are really trying to influence elections but we know that they are collecting so-called strategic intelligence.”
Aside from Australia and the UK, Iran has been vastly increasing its cyber-attacks against the US in recent months, since Donald Trump pulled the US out of the 2015 nuclear deal and reinstated sanctions on Iran.
In February, the US charged in absentee former US counterintelligence agent Monica Elfriede Witt with spying for Iran and four Iranians — Behzad Mesri, Mojtaba Masoumpour, Hossein Parva, and Mohamad Paryar — with targeting Witt’s former colleagues based on information she provided and other cyber espionage.
Mesri was previously charged with a hack on HBO in 2017, where he demanded millions in Bitcoin as ransom.
Late last year, an Iranian hacking collective also targeted the cities of Atlanta and Newark, hacking government entities, hospitals, schools, and businesses.
The Iranian Regime uses cyber espionage and hacking, in much the same way that they do proxy militias, to attack their enemies without Iranian casualties and to attempt to hide the Regime’s involvement.
Source » ncr-iran