The “Emennet Pasargad” group is already well known to the American authorities, and attacks Israeli targets in particular.
By Florian Reynaud and Damien Leloup
Microsoft’s security team (DTAC) announced on Friday, February 3, that it had linked the hack of which Charlie Hebdo was a victim to a group of Iranian state hackers, dubbed Emennet Pasargad by the FBI and Neptunium by the computing giant.
On January 4, data stolen from the servers of the satirical newspaper, including email and postal addresses of subscribers, was put on sale on at least two specialized forums. Database samples were also published on the Internet. The hack was also accompanied by an online propaganda campaign, of limited magnitude, led by fake accounts on Twitter and Facebook attacking the weekly, as Le Monde had revealed. To date, several Twitter accounts identified in this operation are still online, according to Le Monde's findings, but some of them have changed their identity, tweeting in particular in Hebrew and posing as Israeli Internet users.
This modus operandi corresponds very precisely to that of Emennet Pasargad, writes Microsoft, which does not specify whether its analysis is also based on non-public technical indicators. “The attack coincided with criticism from the Iranian government against the Charlie Hebdo caricatures project,” writes the company. At the beginning of January, the weekly had indeed planned to publish the results of an international competition of caricatures of the Iranian Supreme Leader. On the day of the hack, the Iranian Minister of Foreign Affairs had denounced “the insulting acts of the French newspaper”.
Theft and dissemination of data
Emennet Pasargad had been the subject of an FBI notice in January 2022. The American federal agency noted that the group had historically attacked Israeli targets, but had since expanded its potential prey and could represent a threat to American companies and administrations.
In a subsequent report, the American authorities had described several elements typical of the modus operandi of Emennet Pasargad, very similar to the attack of which Charlie Hebdo was a victim. “The group amplifies and often promotes the theft and leak of the data of its victims by setting up their own distribution site, but also by using Telegram messaging and discussion forums,” explained the American authorities at the time.
For example, the FBI considers that this entity posed as a group of pro-Palestinian hacktivists, named Hackers of Savior, in order to attack several Israeli targets, stealing and leaking data as well as modifying the home page of several sites. In the Charlie Hebdo case, the hack was claimed by a hacker named Holy Souls, who also “defaced” (that is to say, modified the home page of) French websites to boast of their actions, and disseminated the data stolen from the weekly on several discussion forums.