Iranian Hackers Targeted U.S. Military, Government and Media Over Three Years Using Social Media, Says Report

A recent report from iSIGHT Partners, a Dallas-based computer-security firm, has exposed a three-year long cyber espionage campaign coming out of Iran. The attacks affected approximately 2,000 U.S. personal computers since 2011, and they specifically targeted U.S. military members, Senators, diplomats, lobbyists, and Washington-based journalists.

The Iranian hackers used social media sites such as Facebook, Twitter, and LinkedIn to spread malware to their targets. Those who fell victim to the cyber attacks were directed to links that unleashed malware and phishing attempts with fake log-in screens used to steal usernames and passwords.

The hackers even impersonated journalists and defense contractors and set up a fake news website, NewsOnAir.org (not to be confused with India’s NewsOnAir.com). The news site used content copied from other websites, with real writer names swapped out for fake ones.

iSIGHT Partners, which dubbed the threat “NEWSCASTER,” was able to pinpoint Iran as the source of the attacks based on data collected from the attack website. The website used for the attacks was registered in Tehran, with other sites the hackers used hosted in Iran, as well. The malware contained several Persian words, and the time stamps for the hackers’ activity matched the professional working hours in Tehran, with time off on Iranian weekends and holidays.

Military and government computers typically use plenty of software protections, in addition to military-grade transit cases commonly used by the Aerospace industry and Boeing, as well, to physically protect equipment. However, when it comes to hackers, the protections are becoming more and more difficult to utilize as time goes on and Iran begins to catch up with the more complex hacking methods used in China and Russia.

The findings, according to iSIGHT Partners, reveal three “critical insights”: that social media is a powerful and covert way to lure in government leaders and others in related industries; that the hackers may have used this technology to gain knowledge to develop weapons systems; and that these attacks are becoming increasingly sophisticated by using multiple social media platforms.

It’s unclear what sort of information was taken by the hackers, but iSIGHT Partners concludes that this effort “is unprecedented in complexity, scale, and longevity,” and that any organizations that may have information of strategic or tactical interest to U.S. enemies should be concerned about threats like NEWSCASTER.