European authorities have moved to take down a cyber espionage campaign believed to be linked to Iran’s powerful Revolutionary Guard, which has been aimed at 1,600 high-profile targets, including Israeli nuclear scientists, NATO officials and Iranian dissidents, according to security researchers.
The hacker group – dubbed “Rocket Kitten” by security experts who have been hunting the outfit since early 2014 – has mounted cyberattacks on high-profile political and military figures globally since that time, according to researchers from several cyber security firms who have monitored its activities.
The action could hamper Tehran’s efforts to gather sensitive intelligence from rivals including Israel, Saudi Arabia, Turkey and the United States, which were among the nations targeted.
“We have discovered the inner workings of a cyber espionage campaign,” Shahar Tal, research group manager for US-Israeli security firm Check Point Software, told Reuters in an interview.
“It is extremely rare to obtain a comprehensive check-list of a nation’s military intelligence interest,” Tal said of the list of espionage targets discovered in the Iran hacker group’s databases.
An official with Israeli internal security service Shin Bet told Reuters: “This matter is familiar to us and is being attended to,” but would not offer more details. Europol and the FBI said they could not immediately comment.
Check Point plans to issue a report later on Monday. According to an advance copy obtained by Reuters, the report details how its experts burrowed inside the hacker group’s database, giving them a map of malicious software tools and remote-controlled computers used by the group.
In coordinated actions, “command and control” computer links hosted unknowingly by five commercial data hosting and satellite communications operators in Europe have now largely been shut down, Tal said, crippling the hackers’ capacity, at least for some months, to launch fresh attacks.
Computers in Europe were used by Rocket Kitten hackers in Tehran to stage remote attacks on targets in Saudi Arabia, other countries neighboring Iran, Israel, Europe, the United States, Venezuela and Iran itself, according to Check Point researchers.
“We believe these attacks are very similar to the ones previously attributed to the Iranian Revolutionary Guard Corps,” Tal said of links between the two groups. Other cyber security researchers have stopped short of linking the two groups.
A spokesman at the Revolutionary Guards’ headquarters in Tehran declined to comment. Iranian foreign ministry officials were not available for comment.
Iran has been hit by several debilitating computer virus campaigns including Stuxnet, a cyber weapon jointly developed by the United States and Israel that destroyed some Iranian nuclear production facilities. Iran has responded with its own cyber spying capabilities since 2012, computer experts say.
The actions come as US President Barack Obama and Prime Minister Benjamin Netanyahu met on Monday for the first time since the Israeli leader lost his battle against the Iran nuclear deal.