
Iranian Cyber and Physical Acts Against Any Opposition - Cyber Grey Zone

From Cyber Grey Zone Actions to Assassinations – In the Crosshairs.

The following is an overview of the Iranian regime's tactics, techniques, and methods used against dissidents and opposition groups. The People's Mojahedin Organization of Iran (PMOI) holds a Free Iran conference every summer. Every year, the Iranian regime works to discredit, disrupt, delay, and destroy any attempt by the PMOI to hold the conference. From physical threats to hacking foreign governments to political pressure due to prisoner swaps, Iran uses every available tactic to push the limits during each action. Iran continues these actions.

Cyber grey zone actions blur the line between acceptable state behavior and hostile acts, creating challenges for attribution, response, and establishing explicit norms and rules in the cyber domain. Addressing these challenges requires international cooperation, robust cybersecurity measures, and the development of norms and agreements to regulate state behavior in cyberspace.

Iranian cyber grey zone activities refer to malicious actions in cyberspace that fall short of a full-fledged cyberattack but aim to achieve strategic objectives.

Espionage: Iran conducts cyber espionage campaigns targeting foreign governments, organizations, and individuals. These activities involve stealing sensitive information, such as political or military intelligence, intellectual property, or personal data.

Disinformation and influence operations: Iran engages in online disinformation campaigns, spreading misleading information or propaganda to shape public opinion and promote its political or ideological agenda.

DDoS attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a target's servers or networks with a flood of traffic, making them inaccessible. Iran has conducted DDoS attacks against various targets, including foreign government websites, media organizations, and financial institutions.

Hacking and defacement: Iranian hacking groups have carried out cyber intrusions and website defacements to showcase their capabilities, make political statements, or retaliate against perceived adversaries. These activities often target government websites, news outlets, or organizations critical of Iranian policies.

Cyberattacks on critical infrastructure: Although not explicitly falling within the grey zone, Iran conducts cyberattacks on critical infrastructure, such as energy facilities, banks, and transportation systems. Notable examples include the 2012 attack on Saudi Aramco and the 2019 attack on the oil industry.

Iranian Cog War Activities

Social media manipulation: Iranian actors operate fake social media accounts and engage in disinformation campaigns to influence public opinion, particularly during sensitive periods such as elections or geopolitical tensions.

Cyber espionage: Iran has executed various cyber espionage campaigns targeting governments, organizations, and individuals around the world. These activities involve stealing sensitive information for intelligence purposes or as a method of gaining a competitive advantage.

Website defacements: Iranian hacker groups have carried out website defacements, replacing the content of targeted websites with their own messages or political statements. Iran uses defacement to showcase capabilities, raise awareness, or promote political ideologies.

Phishing and spear-phishing: Iranian actors execute phishing campaigns that use deceptive emails or messages to trick individuals into revealing sensitive information, such as login credentials or financial data.

Influence operations: Iran engages in influence operations through various means, including spreading propaganda, manipulating narratives, and leveraging state-controlled media outlets to shape public opinion, both domestically and abroad.

Targeting dissidents and activists: Iranian cyber actors target dissidents, activists, and human rights organizations, both in Iran and abroad. These activities aim to disrupt or silence opposition voices.

Distributed denial of service (DDoS) attacks: Iran carries out DDoS attacks targeting various websites and online services. These attacks overwhelm the targeted systems, making them inaccessible to legitimate users.

Data theft and intellectual property theft: Iranian cyber actors steal sensitive data, including intellectual property, from foreign companies, universities, and research institutions.

Ransomware attacks: Although not attributed exclusively to Iran, there have been cases in which Iran-linked groups deployed ransomware to extort money from organizations by encrypting their systems and demanding payment for their release.

Iran disrupts conferences and activities organized by the Mujahedin-e Khalq (PMOI), an Iranian opposition group. Iran targets the PMOI due to its opposition to the Iranian regime.

Cyber Attacks: Iran launched cyber attacks against the PMOI and its supporters. These attacks have included phishing campaigns, malware distribution, and hacking attempts to compromise the PMOI's infrastructure or steal sensitive information.

Disinformation Campaigns: The Iranian government has reportedly engaged in disinformation campaigns to undermine the PMOI's reputation and credibility. The campaigns include spreading false narratives, propaganda, and misinformation about the PMOI and its activities.

Diplomatic and Political Pressure: Iran has sought to influence the international community and governments to isolate and delegitimize the PMOI. The pressure involves diplomatic efforts to discourage support for the PMOI, pressure to prevent opposition protests, requests to evict opposition groups from their Western bases of operation, and lobbying to designate the PMOI as a terrorist organization.

Diplomatic and Political Pressure as a Result of Prisoner Swaps

  • Negotiating Use: Iran holds foreign nationals in custody as a bargaining chip in negotiations. Iran swaps these individuals for their citizens held overseas or for other concessions, like lifting sanctions, providing financial or material resources, or removing the PMOI from their soil.
  • Domestic Approval: Iran frames its successful prisoner swaps as diplomatic victories, which boost the government's approval rating at home. The swaps show that the government can protect its citizens abroad and secure their release when they are in trouble.
  • International Image: Releasing foreign prisoners improves Iran's international image, showing it as humane, fair, or willing to engage in diplomatic solutions. Releasing foreign prisoners helps its international relations and lowers hostility from other nations.
  • Direct Diplomatic Engagement: Iranian prisoner swaps create opportunities for direct engagement with Western countries. The swaps help open a dialogue when no formal diplomatic channels exist. The swaps open the door to further negotiations on other matters.

Prisoner swaps occur through behind-the-scenes diplomatic negotiations. The process can be lengthy and complex, involving multiple parties, legal considerations, and often, high-stakes bargaining. The swaps are usually highly coordinated and sometimes involve third-party countries to facilitate the exchange.

The use of prisoner swaps can be controversial. Critics argue that they incentivize the arrest of foreign nationals, essentially turning individuals into political pawns. The recent Belgian prisoner swap with Iran emboldens Iran to push the cyber and physical boundaries of what is acceptable. The Physical and Cyber Grey Zone expands beyond traditional norms.

Grand Rally of Iranians on Anniversary of Resistance Against the Mullahs' Regime. 42nd anniversary of the founding of the National Council of Resistance of Iran (NCRI). Paris - Place Vauban, July 1, 2023 - 13:00 CET. Supports the nationwide uprising of the Iranian people for a democratic republic, separation of religion and state, equality, and homage to leading women.

  • Long live freedom
  • No dictatorship
  • Down with the tyrant, be it the Shah or the mullahs

#FreeIran10PointPlan    

Physical Attacks and Assassinations: In the past, Iran conducted physical attacks and assassinations against PMOI members or individuals associated with the group. These attacks have taken place both within Iran and in other countries.

  1. Cyber Attacks:
    • In 2018, cybersecurity firms reported a cyber espionage campaign called "Operation SpoofedScholars" attributed to Iran, which targeted PMOI supporters and conferences. The campaign involved creating fake social media accounts and websites to gather information and launch phishing attacks.
    • The Iranian government launched distributed denial of service (DDoS) attacks against PMOI websites, temporarily taking them offline or disrupting their functionality.
    • Reports suggest that Iranian hackers have targeted PMOI supporters' social media accounts, attempting to gain unauthorized access or spread malware through malicious links or attachments.
  2. Disinformation Campaigns:
    • Iranian state-controlled media outlets and propaganda machinery spread false information, engaging in character assassination campaigns against the PMOI. Campaigns include portraying the organization as a terrorist organization, highlighting alleged internal conflicts, and disseminating fabricated stories to discredit its members.
    • The Iranian government has used state media to promote narratives that demonize the PMOI and portray its members as violent extremists or foreign agents.
  3. Diplomatic and Political Pressure:
    • Iran engages in diplomatic efforts to dissuade foreign governments and international organizations from supporting or hosting PMOI conferences. The pressure (stated earlier) includes lobbying, diplomatic protests, and seeking legal measures to restrict the activities of the PMOI.
    • The Iranian government has consistently sought to have the PMOI listed as a terrorist organization internationally, aiming to delegitimize the group and hinder its activities.
  4. Physical Attacks and Assassinations:
    • The Iranian government conducted physical attacks and assassinations against PMOI members and supporters. These incidents occurred in various countries and have involved bombings, targeted assassinations, and covert operations allegedly conducted by Iranian agents.
    • One notable incident occurred in 2018 with the arrest of an Iranian diplomat in Germany for his involvement in a foiled bomb plot targeting a PMOI conference in France, an action orchestrated by the Iranian government.

Iran employs various tactics to suppress dissent and silence dissidents. Tactics used by the Iranian government include:

  • Arrests and Detentions: Iranian authorities frequently arrest and detain individuals critical of the regime, including activists, journalists, human rights defenders, and political opponents. Iran holds individuals without due process, and they face prolonged periods of detention and sometimes experience torture or mistreatment.
  • Harassment and Intimidation: Dissidents and their families often face harassment, surveillance, and threats from Iranian security forces or government-backed groups. Actions of this type include monitoring their activities, restricting their movements, or subjecting them to intrusive measures to discourage their activism.
  • Internet and Media Restrictions: The Iranian government exercises strict control over the media and internet access within the country. Iran censors dissenting voices, limiting or blocking access to social media platforms and websites critical of the regime. This control over information aims to stifle the spread of dissent and alternative viewpoints.
  • Discrediting Campaigns: The Iranian government often engages in discrediting campaigns against dissidents, labeling them as foreign agents, spies, or terrorists. State-controlled media outlets may launch smear campaigns or spread false information to undermine the credibility and reputation of activists and dissident groups.
  • Systematic Torture and Execution: There have been reports of the Iranian government using torture, including physical and psychological abuse, against dissidents and political prisoners. In past cases, Iran executed dissidents following trials criticized for lacking due process or fairness.
  • Restrictions on Freedom of Association: The Iranian government imposes restrictions on independent civil society organizations and associations, making it difficult for dissidents to organize and advocate for their causes. Human rights organizations and political groups are either banned or heavily monitored.
  • Forced Exile: Dissidents who face significant threats or harassment in Iran often choose to flee the country, seeking refuge in other nations. However, even in exile, they may face surveillance, threats, or attempts to silence their voices from abroad.

Iran uses social media platforms as part of its influence operations to shape narratives, spread propaganda, and advance its political objectives.

  • Coordinated Inauthentic Behavior (CIB): Iranian actors have created and operated fake accounts, often called "troll farms," on platforms like Twitter, Facebook, and Instagram. Iran uses the accounts to amplify pro-regime messages, disseminate propaganda, and attack critics or opposition groups. They may also engage in targeted harassment or intimidation campaigns against individuals or organizations seen as adversaries.
  • Disinformation and Propaganda: Iranian influence operations involve disseminating false or misleading information through social media channels. Disinformation in use includes spreading narratives that support Iranian government policies, delegitimizing opposition voices, or promoting conspiracy theories to manipulate public opinion and shape the global discourse on specific issues.
  • Hashtag Hijacking: Iranian actors hijack popular or trending hashtags on social media platforms to divert attention to their preferred narratives or to spread propaganda. Using bots or coordinated efforts, they can flood the hashtags with their messages, making them more visible and influencing online conversation.
  • Fake News Websites and Blogs: Iran creates and promotes fake news websites and blogs that mimic legitimate news sources. These platforms publish articles and stories that align with Iranian government narratives and deceive readers into believing they are consuming factual information.
  • Targeting Dissident and Activist Communities: Iranian influence operations often focus on targeting dissidents, human rights activists, and opposition groups. Iranian actors aim to disrupt their networks, sow discord, and gather intelligence on their activities by monitoring their online activities and engaging with them through fake accounts or profiles.
  • Astroturfing and Amplification: Iran has engaged in astroturfing, which creates the illusion of grassroots support for specific causes or perspectives. By artificially amplifying messages, posts, or campaigns through coordinated efforts, they seek to create a false perception of widespread public support for their agenda.
  • Diplomatic Pressure: Iran has pressured host countries to prevent the PMOI from organizing their conferences. The pressure tactics include lobbying host governments, making formal protests, and using diplomatic channels to discourage or prevent the events from taking place. The pressure involves sending formal objections, issuing diplomatic statements, and engaging in behind-the-scenes negotiations to discourage hosting the events.
  • Legal Actions: Iran has pursued legal actions against individuals or organizations associated with the PMOI to impede or halt their conference activities. The actions include seeking legal injunctions, filing lawsuits, or utilizing international legal mechanisms to challenge the legitimacy of the conferences.
  • Propaganda Campaigns: Iran has launched propaganda campaigns against the PMOI and its conferences. Iran spreads disinformation, false narratives, and negative publicity through state-controlled media, online platforms, and affiliated organizations to undermine the group's reputation and discourage participation.
  • Diplomatic Isolation: Iran has sought to isolate the PMOI and discourage other countries from hosting or participating in their conferences. Diplomatic isolation involves diplomatic efforts to discredit the group and dissuade foreign governments from supporting or attending the events. Iran portrays the group as a terrorist organization and discourages attendance or support from other countries.
  • Alleged Covert Operations: There have been reports and allegations of covert operations by Iranian intelligence agencies to disrupt or sabotage PMOI conferences. These actions include surveillance, cyber-attacks targeting conference-related infrastructure, and even attempted attacks or assassinations against PMOI members.
  • Espionage and Surveillance: Iran's intelligence agencies have allegedly conducted espionage and surveillance activities against the PMOI and their conferences. Iran monitors and infiltrates the group's networks, gathering intelligence on conference participants and attempting to disrupt their organizational structures.
  • Reports of threats, intimidation, and targeted killings of PMOI members by Iranian security forces or affiliated groups.

Disruption of the PMOI (People's Mujahedin of Iran) conference in 2018 held in Villepinte, France

According to the reports, the plot involved an attempted attack on the conference by individuals with alleged links to the Iranian government.

On June 30, 2018, during the PMOI conference, Belgian authorities arrested two individuals in Brussels who were found in possession of explosives and intended to conduct an attack. Belgian authorities identified an Iranian diplomat stationed in Vienna and an accomplice. They planned to bomb the conference venue in Villepinte.

The incident caused significant concern and diplomatic tensions between Iran and European countries. The Iranian government denied involvement in the plot and condemned the accusations as baseless. However, multiple European countries, including France, supported Belgium's investigation and took diplomatic actions in response to the incident.

2022 Albania

A cyberattack on the Albanian government knocked out state websites and public services for hours. With Russia's war raging in Ukraine, the Kremlin might seem like the likeliest suspect. However, the threat intelligence firm Mandiant published research on Thursday, attributing the attack to Iran. And while Tehran's espionage operations and meddling have shown up all over the world,

The attacks targeting Albania on July 17 came ahead of the "World Summit of Free Iran," a conference scheduled to convene in Manëz in western Albania on July 23 and 24. The PMOI canceled the Iran Free Summit. The PMOI postponed the conference the day before it began because of reported, unspecified "terrorist" threats.

Attackers deployed ransomware from the Roadsweep family and may have used a previously unknown backdoor, dubbed Chimneysweep, and a new strain of the Zeroclear wiper.

Iran executed a coercive attack to pressure the Albanian government against the PMOI.

Iran conducted aggressive hacking campaigns in the Middle East, particularly in Israel, and its state-backed hackers have penetrated and probed manufacturing, supply, and critical infrastructure organizations. In November 2021, the US and Australian governments warned that Iranian hackers were actively working to gain access to an array of networks related to transportation, health care, and public health entities, among others. "These Iranian government-sponsored APT actors can use this access for follow-on operations, such as data exfiltration or encryption, ransomware, and extortion," the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency wrote at the time.

However, Tehran has limited how far its attacks have gone, mainly focusing on data exfiltration and reconnaissance on the global stage. The country has, however, participated in influence operations, disinformation campaigns, and efforts to meddle in foreign elections, including targeting the US.

Overall, Iran uses strategies to suppress dissident voices and online opposition. The Iranian government employs sophisticated methods of internet censorship, including blocking access to thousands of websites, particularly those associated with foreign media, human rights groups, and political opposition. During heightened political tension, Iran has even shut down the internet entirely. Iran maintains intrusive surveillance on its citizens' online activities, using this information to target dissidents. Allegedly, the government has also used cyberattacks against opposition websites and has spread disinformation to discredit opposition movements. Iran detains and imprisons activists, journalists, and others who express dissenting views. Charges often include vaguely defined crimes like "acting against national security" or "spreading propaganda against the system." Iran's laws limit freedom of speech and the press, making it risky to express opposing views. There are strict regulations on media and online platforms, and violations can result in severe penalties. Dissidents and opposition members in Iran face harassment, threats, and sometimes violence or execution. These actions create a climate of fear that can silence opposition voices.

Human rights organizations and Western governments condemn the suppression of dissident voices. However, the emboldened regime continues to expand tactics, introduce new techniques, and push methods beyond any international rules of decorum. What will they do this month?
