Microsoft blames Iran-backed crew for Charlie Hebdo breach • The Register

Microsoft believes the gang who boasted it had stolen and leaked greater than 200,000 Charlie Hebdo subscribers’ private info is none aside from a Tehran-backed gang.

On Friday, Redmond’s Digital Menace Evaluation Middle (DTAC) attributed the cyber-heist to Iran’s Neptunium, which the US Division of Justice tracks as Emennet Pasargad.  

The stolen information, which included names, telephone numbers and addresses, “might put the journal’s subscribers prone to on-line or bodily focusing on by extremist organizations,” said Clint Watts, normal supervisor of DTAC.

“We imagine this assault is a response by the Iranian authorities to a cartoon contest performed by Charlie Hebdo.”

In December, the satirical French journal announced a contest for cartoons “ridiculing” Iranian Supreme Chief Ali Khamenei. The profitable cartoons would then be printed within the magazine in early January — marking the eight-year anniversary of the mass shooting inside Charlie Hebdo’s Paris workplace by two Muslim terrorist brothers that left 12 individuals lifeless and 11 others injured.

On January 4, a beforehand unknown cyber-crime group that known as itself Holy Souls claimed to have stolen a Charlie Hebdo database containing 230,000 prospects’ names, e mail addresses, telephone numbers, addresses, and monetary info, and offered it on the market for about $340,000. 

Holy Souls is, in reality, Neptunium, aka Emennet Pasargad, based on Microsoft. This is similar Iranian gang that harassed US voters and launched disinformation campaigns throughout the 2020 presidential election. 

In late October, the FBI issued a warning about this group, which the Feds stated is thought for utilizing hack-and-leak operations in opposition to victims in addition to false-flag personas to shift blame elsewhere. 

And now, below the guise of Holy Souls, the Iranian government-backed group was as much as their standard TTPs.

After claiming to steal the Charlie Hebdo database, the miscreants then launched a pattern of the information on YouTube, which Le Monde later verified as legit. 

“The discharge of the complete cache of stolen information – assuming the hackers even have the information they declare to own – would primarily represent the mass doxing of the readership of a publication that has already been subject to extremist threats (2020) and deadly terror attacks (2015),” Watts wrote.

Subsequent up: the affect operation a part of Neptunium’s shtick. 

As with its earlier assaults, the crew used phony social media accounts — together with some that claimed to be French authority figures — and contacted information organizations in an try and amplify their disinformation marketing campaign.

The miscreants used “dozens” of French-language sockpuppet accounts to criticize Charlie Hebdo and the Khamenei cartoons on Twitter. 

“Crucially, earlier than there had been any substantial reporting on the purported cyberattack, these accounts posted identical screenshots of a defaced web site that included the French-language message: ‘Charlie Hebdo a été piraté’ (‘Charlie Hebdo was hacked’),” Watts stated.

Most of those sockpuppet accounts have been created on January 4. Inside a couple of hours of their tweets, Microsoft documented at the least two others, one purporting to be a French tech exec and the opposite a Charlie Hebdo editor, that started posting screenshots of the information dump. Twitter has since suspended each accounts. ®