A month after the mysterious hack of the satirical weekly Charlie Hebdo, Microsoft’s Digital Threat Intelligence Center has just attributed the intrusion to the Iranian state-linked Emennet Pasargad group. “We believe this attack is the Iranian government’s response to a cartoon contest organized by Charlie Hebdo,” the American software company said.
Microsoft is referring to an appeal launched in December to ridicule the “Supreme Leader of the Islamic Republic of Iran,” a “religious leader from another era.” The contest was designed to support “the struggle of Iranians fighting for their freedom,” the weekly said.
Although the American company explains that its attribution is based on a “wider” set of information, not all of which is public, its security team’s arguments focus on how this attack was made public. Microsoft notes that the reports of the hack are similar to previous influence operations carried out after computer attacks by entities linked to Iran.
Le Monde, for example, pointed to a very vague profile of the hacker who claimed the operation, backed up by a nebulous galaxy of accounts. Microsoft also notes this support from fake social media accounts, one of which impersonates one of the newspaper’s executives, apparently set up to relay news of the attack.
In short, a scheme “typical of Iranian state-sponsored operations,” Microsoft sums up. It also points out that, for the FBI, the US Federal Bureau of Investigation, this kind of maneuver is designed to undermine public confidence in the security of the targeted organization.
High selling price
The computer attack was announced on the Breached data leak forum by a mysterious new user, Holysouls. The asking price for the personal information of 230,000 of the outlet’s customers and the magazine’s internal documents (twenty bitcoins, or more than 400,000 euros at the current exchange rate) came as a surprise. This type of data breach usually trades at much lower prices.
In addition to the Charlie Hebdo hack, the Emennet Pasargad group is accused by the FBI of attempting to interfere in the 2020 US presidential campaign. It is also suspected of carrying out the false-flag “Yemeni Cyber Army” attack, an operation directed against Saudi Arabia, or of attacking targets in Israel.
But the group also carries out more traditional malicious activities targeting the hospitality, telecommunications, financial and even oil sectors. It is a track record that has led the US administration to offer a massive reward, up to $10 million, for any information of interest.