Operation Newscaster

Logo designed by iSIGHT Partners

"Operation Newscaster", as labelled by American firm iSIGHT Partners in 2014, is a cyber espionage covert operation directed at military and political figures using social networking, allegedly done by Iran. The operation has been described as "creative",[1] "long-term" and "unprecedented".[2] According to iSIGHT Partners, it is "the most elaborate cyber espionage campaign using social engineering that has been uncovered to date from any nation".[2]

ISight's perceptions

A screenshot from NewsOnAir.org

On 29 May 2014, Texas-based cyber espionage research firm iSIGHT Partners released a report, uncovering an operation it labels "Newscaster" since at-least 2011, has targeted at least 2,000 people in United States, Israel, Britain, Saudi Arabia, Syria, Iraq and Afghanistan.[2][3]

The victims who are not identified in the document due to security reasons, are senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star admiral.[2][3]

The firm couldn’t determine what data the hackers may have stolen.[3]

According to the iSIGHT Partners report, hackers used 14 "elaborated fake" personas claiming to work in journalism, government, and defense contracting and were active in Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger. To establish trust and credibility, the users fabricated a fictitious journalism website, NewsOnAir.org, using content from the media like Associated Press, BBC, Reuters and populated their profiles with fictitious personal content. They then tried to befriend target victims and sent them "friendly messages"[1] with Spear-phishing to steal email passwords[4] and attacks and infecting them to a "not particularly sophisticated" malware for data exfiltration.[2][3]

The report says NewsOnAir.org was registered in Tehran and likely hosted by an Iranian provider. The Persian word "Parastoo" (پرستو; meaning swallow) was used as a password for malware associated with the group, which appeared to work during business hours in Tehran[2] as they took Thursday and Friday off.[1] iSIGHT Partners could not confirm whether the hackers had ties to the Iranian government.[4]

Analysis

According to Al Jazeera, Chinese army's cyber unit carried out scores of similar phishing schemes.[4]

Morgan Marquis-Boire, a researcher at the University of Toronto stated that the campaign "appeared to be the work of the same actors performing malware attacks on Iranian dissidents and journalists for at least two years".[4]

Franz-Stefan Gady, a senior fellow at the EastWest Institute and a founding member of the Worldwide Cybersecurity Initiative, stated that “They’re not doing this for a quick buck, to extrapolate data and extort an organization. They’re in it for the long haul. Sophisticated human engineering has been the preferred method of state actors”.[4]

Reactions

References

This article is issued from Wikipedia - version of the 6/7/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.