Iranian Nation-State Group Behind Charlie Hebdo Breach, Microsoft Says

An Iranian nation-state group sanctioned by the U.S. government has been linked to the hack of the French satirical magazine Charlie Hebdo in January 2023. The group's activity is being monitored by Microsoft, which released the incident's specifics. Previously, the state-sponsored cyber group was linked to a sophisticated influence operation attempting to destabilize the 2020 presidential election. Two Iranian nationals have been charged with participating in the disinformation and threat campaign. Microsoft released the recent disclosure after a "hacktivist" group called Holy Souls (now identified as NEPTUNIUM) claimed to have obtained a database from Charlie Hebdo. The database included 200,000 records about Charlie Hebdo customers, such as full names, phone numbers, home addresses, and email addresses. The attack is believed to have been carried out in revenge for the publication's holding a cartoon contest that "ridiculed" Iranian Supreme Leader Ali Khamenei.

Analyst Notes

Releasing the entire cache of stolen information might result in massive doxing, Redmond further warned. "After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms. This amplification effort made use of a particular set of influence Tactics, Techniques, and Procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations," stated the Windows maker's Digital Threat Analysis Center (DTAC). The similarities in using false-flag personas to carry out hack-and-leak operations and using sockpuppet accounts that pretend to be reliable sources correlate with an FBI advisory from October 2022. The FBI assessed that the goal was to "undermine public confidence in the security of the victim's network and data, as well as embarrass victim companies and targeted countries. These hack-and-leak campaigns involve a combination of hacking/theft of data and information operations that impact victims via financial losses and reputational damage."