An Iranian State-Affiliated Hacker Group Targeted 13 U.S. Treasury Officials
A group of Iranian hackers spent a month trying to break into the private email accounts of 13 U.S. Treasury officials around the same time President Trump re-imposed Iranian sanctions.
The Associated Press used data from London-based cybersecurity firm Certfa to chart attempts by an Iranian hacking group to break into the email accounts of U.S. Treasury officials, D.C. think tank workers, and other high-profile supporters, critics and enforcers of the Iranian nuclear deal.
The hacker group, known as ‘Charming Kitten’, targeted 77 Gmail and Yahoo email accounts in an attempt to uncover further information on the incoming sanctions.
After Charming Kitten mistakenly left a server connected to the internet, Certfa was able to extract the ‘hit list’ of email accounts they were targeting, as well as gain some insight into the group’s digital infrastructure.
In a post on Certfa’s blog, the cybersecurity company revealed Charming Kitten employed a highly targeted campaign of phishing attacks. It is unclear if any of the email accounts were compromised.
The domain used by the hackers appears to match a domain previously used to launch phishing attacks against U.S. financial institution infrastructure, which Certfa believes is linked to a hacker group with ties to the Iranian government.
Iran has denied responsibility for previous cyber attacks on U.S. institutions. The attackers’ interests, however, align very closely with the Iranian government’s own interests. Among those targeted in the most recent phishing campaign were several nuclear officials, including Guy Roberts — the U.S. Assistant Secretary of Defense for Nuclear, Chemical and Biological Defense Programs, AP reports.
Among the 77 targeted email accounts were accounts held by a prominent nuclear scientist, a U.S. State Department official, a former member of the National Security Council, a Director at the Financial Crimes Enforcement Network, and a Pentagon aerospace contractor.
Frederick Kagan, a scholar at the American Enterprise Institute whose work focuses on Iranian cyberespionage, was also one of the targets. He told AP, “presumably, some of this is about figuring out what is going on with sanctions,” but added that the targeting of nuclear scientists was “a little more worrisome than I would have expected.”
Kagan added that there were clear signs the campaign was an extensive, state-backed operation. “It doesn’t look like freelancers,” he concluded.