Revealed: How Iranian Hackers Targeted British Experts to Steal Information

The actions of hackers over the world, targeting public institutions have been in the news lately and the governments in a bid to curtail this menace have employed the services of some hackers themselves to help protect user data as it seemed helpless of the ways to tackle the scourge.

The hackers, laying hands sensitive data, not only targeted state secrets but private firms and individuals as well as academic institutions, private firms and hospitals.

The government sponsored hackers themselves have been having successful digital assaults with initial reports saying the hacks coming from China and Russia but Iran has joined the fray.

What is the role of Iran in all of this? 

It now appears the republic of Iran has seen that cyber-hacking can develop its own cyber force and power, a form of unmilitary welfare.

According to a United States specialist in National Security Policy, Iran has been lately investing in developing its cyber forces and organizations to propel itself higher in the world standing.

The move seem to be paying off as hacking operations from the Islamic Republic have received traction in days, with carefully carried out  execution of its digital onslaughts.

American Cyber-security firm, Proofpoint had in a report published on Tuesday identified a Iranian hacker cell disguising as British academics at London’s School of Oriental and African Studies (SOAS).  

According to the report, the hackers with the group coinage, ‘Spoofed Scholars’ started with sending out emails to members of the London School of Oriental and African Studies (SOAS), inviting them to an online conference titled: “The U.S. Security Challenges in the Middle East.”, inviting the recipients of the mail to speak at the conference. Then a the disguised hackers after establishing conversation with the innocent SOAS University members, in the process send them a registration that appears to be hosted by a real  website of  the University that has been earlier manipulated by the hackers themselves.

The University website that has been breached before-hand by the hackers belonged to the university’s online radio station and production company. After the recipients of the mail may have clicked on what looked like seized and taken from the clickers of the link, showing the intricacy of the Iranian hackers digital hacking skills.

According to Proofpoint, The Iranian hacker group is widely believed by the UK regional experts to have a linkage to Iran’s elite Revolutionary Guard’s intelligence unit, with the core mandate of accessing and stealing sensitive information regarding foreign policy, insights into anti-Iranian movements, as well as the United States’ negotiations over Iran’s nuclear programs. This move is believed as efforts of the Iranian hierarchy to be a step ahead of its opposition.

A screenshot of the hacked website which invited recipients of the email to register using their credentials. Credits: Proofpoint. 

Sherrod DeGrippo, the Senior Director of Proofpoint Threat Research and Detection told the BBC that the hacking operation was “highly unusual and more sophisticated for this group.” 

The level of hacking sophistication with the hacker group was highlighted by a member of the SOAS University in London who reported that the conversation with the hacker group appears so lengthy and real, that there was confidence and trust while conversing with them. The University member even narrated a request for a private video conference with the hackers, a request they obliged. The fact that they were willing to take a step further from just engaging via emails to connecting through video shows their sophistication and understanding of the modus-operandi of academics in real life.

Prrofpoint further reported that going to 10 organizations that consisted of Professors, senior academics in the know about Middle-Eastern affairs, and some with ties to regional journalists were targeted by the hackers.

The SOAS University was lucky to discover the breach on time, and had the site taken down and fixed. It then issued a statement reassuring its members of staff that personal information of the members and the University data were not leaked, adding that it had “taken steps to further improve protection of its peripheral systems.” 

Lindy Cameron, the Chief Executive Officer at the UK’s National Cyber Security Center, had early Julytold the Financial Times that British citizens should expect multiple hacking attempts from Iran as their intelligence unit has been utilizing digital technology to steal information. 
 
Proofpoint’s Degrippo also told the Financial Times that: “Iran has always been very focused on [targeting] academics, scientists, professors and diplomats. This just shows that they are continuing that focus, most likely because it’s been paying off.”