Microsoft: Iranian Nation-State Group Sanctioned by U.S. Behind Charlie Hebdo Hack

The hack of the French satirical magazine Charlie Hebdo in early January 2023 has been attributed to an Iranian nation-state group sanctioned by the U.S. government.

Microsoft, which disclosed details of the incident, is tracking the activity cluster under its chemical element-themed moniker NEPTUNIUM, which corresponds to an Iran-based company known as Emennet Pasargad.

In January 2022, the U.S. Federal Bureau of Investigation (FBI) tied the state-backed cyber unit to a sophisticated influence campaign carried out to interfere with the 2020 presidential elections. Two Iranian nationals have been accused over their role in the disinformation and threat campaign.

Microsoft’s disclosure comes after a “hacktivist” group named Holy Souls (now identified as NEPTUNIUM) claimed to be in possession of the personal information of more than 200,000 Charlie Hebdo customers, including their full names, telephone numbers, and home and email addresses.

The breach, which allowed NEPTUNIUM to gain access to an internal database, is suspected to have been orchestrated in retaliation against the publication for conducting a cartoon contest “ridiculing” Iranian Supreme Leader Ali Khamenei.

The release of the full cache of stolen data could lead to mass doxing, Redmond further cautioned.

“After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms,” the Windows maker’s Digital Threat Analysis Center (DTAC) said.

“This amplification effort made use of a particular set of influence tactics, techniques, and procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations.”

The points of similarity include the use of false-flag personas to conduct their hack-and-leak operations, inauthentic sockpuppet accounts, and the impersonation of authoritative sources, corroborating an October 2022 advisory from the FBI.

The goal, the FBI assessed, is to “undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries.”

“These hack-and-leak campaigns involve a combination of hacking/theft of data and information operations that impact victims via financial losses and reputational damage,” the agency added.