close
close
migores1

Iran ran fake HR firm to root out unfriendly spies, researchers say By Reuters

By Christopher Bing

(Reuters) – An Iranian hacking group ran a fake professional recruitment business to lure national security officials from Iran, Syria and Lebanon into a cyber espionage trap, according to new research by U.S. cybersecurity firm Mandiant , a division of Alphabet (NASDAQ:)”. s Google Cloud.

Researchers said the hackers have loose ties to a group known as APT42, or Charming Kitten, which was recently accused of hacking Republican candidate Donald Trump’s US presidential campaign. APT42 is widely attributed to an intelligence division of Iran’s Revolutionary Guard, a sprawling military organization based in Tehran. The FBI said it is investigating APT42’s ongoing efforts to interfere in the 2024 US election.

The mission discovered by Mandiant dates back to at least 2017 and was active until recently. At different times, the Iranians made their operation appear to be controlled by the Israelis. Analysts say the likely purpose of the impersonation was to identify people in the Middle East who were willing to sell secrets to Israel and other Western governments. It targeted military and intelligence personnel associated with Iran’s allies in the region.

“The data collected by this campaign can support the Iranian intelligence apparatus in identifying individuals who are interested in working with countries considered adversaries of Iran,” the Mandiant report said. “The data collected can be used to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected of being involved in these operations.”

Iran’s mission to the United Nations did not immediately respond to a request for comment.

Mandiant found that digital spies used a network of websites impersonating human resources companies to manipulate Farsi-speaking targets. The bogus firms were named VIP Human Solutions, also known as VIP Recruitment, Optima HR and Kandovan HR, among others. They used dozens of fake online profiles on Telegram, Twitter, YouTube and the social media platform Virasty, which is popular in Iran, to promote the front companies. Since then, almost all associated internet accounts have been removed.

© Reuters. FILE PHOTO: Figures with computers are seen in front of the US and Iranian flags in this illustration taken September 10, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

“VIP Recruitment, a center for the recruitment of respected military personnel in the military, security and intelligence services of Syria and Hezbollah, Lebanon,” reads a statement on one of the sites. “Join us to help each other impact the world. Our job is to protect your privacy.”

Hackers have cast a wide net using various social media platforms to disseminate links about their fake HR scheme. It’s unclear how many targets ultimately fell for the ruse. The collected data, which includes addresses, contact details and other CV-related data, could still be exploited in the future, Mandiant said.

Related Articles

Back to top button