As Israel’s war in Gaza continues, Iran has deployed hackers to spy on Middle East experts around the world in what appears to be an attempt to understand the foreign policy community’s thinking about the conflict.
Since November 2023, hackers affiliated with Iran’s Islamic Revolutionary Guard Corps have been “targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States,” Microsoft said in a report published on Wednesday.
To patiently win the trust of these targets before sending them malware-laced documents, Iran has impersonated well-known journalists, sometimes by hacking those journalists’ email accounts. The hackers begin by asking their victims for their thoughts about the war. If the target responds favorably, the hackers follow up with a document supposedly containing a news article or other report about the war. In fact, the document contains malware that activates when opened, contacting the hackers’ server and downloading additional malicious files.
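The behaviour described above, a document that phones home when opened and then pulls down further files, is something a defender can look for in endpoint telemetry without knowing the specific lure. The following detector is an added example and is not code from the article or from Microsoft's report: it scans constructed Sysmon-style events (event 1 = process creation, event 3 = network connection; the field names, the office application list and the sample records are all assumptions made for illustration) and flags an Office application that either connects to a non-private address or spawns a script interpreter or download helper.

```python
"""Added example, not from the article or Microsoft's report.

Flags the two observable halves of the lure described above:
  * an Office process opening a network connection to a non-private host
    (the document "contacting the hackers' server"), and
  * an Office process spawning an interpreter or download helper
    (the "downloading additional malicious files" stage).
Event layout and field names are assumptions modelled on Sysmon events.
"""
import ipaddress
from typing import Dict, List

# Office applications that normally render documents but should not beacon
# out or launch interpreters on their own (assumed list, extend as needed).
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Interpreters and download helpers an Office parent should not normally spawn.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _is_external(ip: str) -> bool:
    """True for routable addresses; private, loopback and link-local are ignored.

    Note: Python's ipaddress module also treats the RFC 5737 documentation
    ranges (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24) as private, so the
    sample below uses a generic public address instead.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def detect_office_beacons(events: List[Dict]) -> List[str]:
    """Return one alert string per suspicious event, in input order."""
    alerts: List[str] = []
    for ev in events:
        eid = ev.get("event_id")
        if eid == 3:  # network connection
            image = _basename(ev.get("image", ""))
            dest = ev.get("dest_ip", "")
            if image in OFFICE_APPS and _is_external(dest):
                alerts.append(
                    f"office-network: {image} -> {dest}:{ev.get('dest_port')}"
                )
        elif eid == 1:  # process creation
            parent = _basename(ev.get("parent_image", ""))
            child = _basename(ev.get("image", ""))
            if parent in OFFICE_APPS and child in SUSPICIOUS_CHILDREN:
                alerts.append(
                    f"office-child: {parent} spawned {child} "
                    f"({ev.get('command_line', '')})"
                )
    return alerts


# Constructed sample telemetry (not real data): two benign records, two that
# match the lure behaviour, one interpreter launch from a non-Office parent.
WORD = r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"
SAMPLE_EVENTS = [
    {"event_id": 3, "image": WORD, "dest_ip": "10.0.0.5", "dest_port": 445},
    {"event_id": 3, "image": WORD, "dest_ip": "45.76.10.20", "dest_port": 443},
    {"event_id": 1, "image": r"C:\Windows\System32\WerFault.exe",
     "parent_image": WORD, "command_line": "WerFault.exe -u"},
    {"event_id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": WORD, "command_line": "powershell.exe -NoProfile -WindowStyle Hidden"},
    {"event_id": 1, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe", "command_line": "powershell.exe"},
]

if __name__ == "__main__":
    for line in detect_office_beacons(SAMPLE_EVENTS):
        print(line)
```

Run against the constructed sample, the detector reports the external HTTPS connection from WINWORD.EXE and the hidden PowerShell child, and stays quiet on the internal file-share access, the crash handler and the user-launched shell. In production the same two rules would be expressed in the EDR or SIEM query language rather than Python, and the Office list would be tuned to the applications actually deployed.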
The academic experts in Iran’s crosshairs are people “who work with or who have the potential to influence the intelligence and policy communities” in the U.S., Europe and Israel, Microsoft said. Those targets apparently hold a wide range of opinions about the conflict, as Microsoft surmised that Iran wanted to “gather perspectives … from individuals across the ideological spectrum.”
The Iranian hacking group, which Microsoft calls “Mint Sandstorm” (previously tracked by Microsoft as Phosphorus and known elsewhere as APT35 or Charming Kitten), used phishing emails related to the war that were carefully designed to trick specific people into downloading Iranian malware. In some cases, Microsoft said, Mint Sandstorm used never-before-seen attack tools designed to open a backdoor into their targets’ systems.
Mint Sandstorm is one of Iran’s most formidable cyber units, known for quickly taking advantage of newly disclosed software flaws. Its targets have included political activists, Western defense companies, energy and transportation providers and government officials. During 2021 and 2022, the group targeted U.S. energy, transit, and maritime transportation companies, according to Microsoft.
Iran’s espionage campaign aimed at foreign-policy specialists demonstrates what security experts say is Tehran’s strategy of preparing for geopolitical changes that could challenge the conservative Islamic regime. It is one component of a broader Iranian cyberwar strategy that also includes attacks on U.S. water facilities and Israeli infrastructure operators.
And Iran’s capabilities continue to grow. In its new report, Microsoft warned of the Mint Sandstorm hackers’ “patience, resources, and skills.”