- I tested a Pixel Tablet without any Google apps, and it's more private than even my iPad
- My search for the best MacBook docking station is over. This one can power it all
- This $500 Motorola proves you don't need to spend more on flagship phones
- Finally, budget wireless earbuds that I wouldn't mind putting my AirPods away for
- I replaced my Linux system with this $200 Windows mini PC - and it left me impressed
Iranian Threat Actor Neptunium Associated With Charlie Hebdo Cyber-Attacks
The Iranian threat actor called Neptunium by Microsoft has been associated by the tech giant with a recent hacking operation targeting the satirical French magazine Charlie Hebdo.
Microsoft’s Digital Threat Analysis Center (DTAC) shared the findings last Friday in a blog post, adding that Neptunium is likely the same group that has been identified by the US Department of Justice (DoJ) as “Emennet Pasargad” in the past.
“In early January, a previously unheard-of online group calling itself ‘Holy Souls,’ which we can now identify as Neptunium, claimed that it had obtained the personal information of more than 200,000 Charlie Hebdo customers after ‘gain[ing] access to a database,'” reads the blog post.
“This information, obtained by the Iranian actor, could put the magazine’s subscribers at risk of online or physical targeting by extremist organizations.”
According to the security experts, the attack was conducted in retaliation for a cartoon contest by Charlie Hebdo aimed at “ridiculing” Iranian Supreme Leader Ali Khamenei.
Microsoft said Neptunium advertised the trove of stolen data on YouTube and several dark web forums for 20 Bitcoin (roughly $340,000 at the time).
“There are several elements of the attack that resemble previous attacks conducted by Iranian nation-state actors,” reads the Microsoft post by DTAC general manager Clint Watts.
These include a hacktivist persona claiming credit for the cyber-attack, claims of successful website defacement, leaked private data online, inauthentic social media “sockpuppet” personas, the impersonation of authoritative sources and contacting news media organizations.
Writing in an advisory last year, the US DoJ confirmed Microsoft’s new claims, saying Emennet poses a broader cybersecurity threat outside of information operations.
“Since 2018, Emennet has conducted traditional cyber exploitation activity targeting several sectors, including news, shipping, travel (hotels and airlines), oil and petrochemical, financial, and telecommunications, in the United States, Europe, and the Middle East.”
Both the Microsoft and DoJ advisories include recommendations to help system administrators protect networks from Neptunium’s attacks.
The news comes days after Iranian threat actor Cobalt Sapling was spotted targeting Saudi Arabia with a new persona called “Abraham’s Ax.”
