Iran-linked hacker group Charming Kitten hacks nuclear scientists, US sanctions officials
Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers. (AP: Raphael Satter)
Iran-linked hackers have tried to break into the private emails of nuclear scientists and US sanctions officials, according to data gathered by the London-based cybersecurity group Certfa.
- The hacking group mistakenly left one of its servers open to the internet
- Certfa found a list of 77 Gmail and Yahoo addresses targeted by the hackers
- Certfa has tied the hackers to the Iranian government
The hacking group known as Charming Kitten targeted the private emails of more than a dozen US Treasury officials, key players in enforcing the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and DC think tank employees.
The hacking efforts took place last month after US President Donald Trump re-imposed harsh economic sanctions on Iran.
The hit list surfaced after Charming Kitten mistakenly left one of its servers open to the internet last month.
Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers.
This image shows a phishing message sent to Jim Sisco of the Virginia-based risk advisory firm Enodo Global, Inc. (AP)
Although those addresses likely represent only a fraction of the hackers’ overall effort — and it’s not clear how many of the accounts were successfully compromised — they still provide considerable insight into Tehran’s espionage priorities.
“Presumably, some of this is about figuring out what is going on with sanctions,” said Frederick Kagan, a scholar at the American Enterprise Institute who has written about Iranian cyberespionage and was among those targeted.
Mr Kagan said he was alarmed by the targeting of foreign nuclear experts.
“This is a little more worrisome than I would have expected,” he said.
The hacks are another sign of how deeply cyberespionage is embedded into the fabric of US-Iranian relations.
“The targets are very specific,” Certfa researcher Nariman Gharib said.
In a report published Thursday, Certfa tied the hackers to the Iranian government. That assessment was backed by others who have tracked Charming Kitten.
Allison Wikoff, a researcher with Atlanta-based Secureworks, recognised some of the digital infrastructure in Certfa’s report and said the hackers’ past operations left little doubt they were government-backed.
“It’s fairly clear-cut,” she said.
Targets reveal Iranian interests
The 2015 Iran deal — headed by former US President Barack Obama’s administration — called for Tehran to curb its uranium enrichment in exchange for the lifting of international sanctions.
Many on the hit list — such as Guy Roberts, the US Assistant Secretary of Defence for Nuclear, Chemical, and Biological Defence Programs — pointed to an eagerness to keep track of officials charged with overseeing America’s nuclear arsenal.
“This is something I’ve been worried about,” Mr Roberts said when alerted to his presence on the list.
One of Charming Kitten’s targets was Andrew J Grotto, whose tenure on the US National Security Council straddled the Obama and Trump administrations and who has written about Iran’s nuclear ambitions.
Other targets included a scientist working on a civilian nuclear project for Pakistan’s Ministry of Defence, a senior operator at the Research and Training Reactor in the Jordanian city of Ramtha, and a high-ranking researcher at the Atomic Energy Commission of Syria.
The trio suggested a general interest in nuclear technology and administration.
Jarrett Blanc, the State Department coordinator responsible for the implementation of the nuclear deal under Obama, was also on the list. He said news of his targeting was no shock.
“I’ve retained contact with Iranian counterparts since leaving government,” he said.
“I’d be very surprised if there were not Iranian groups trying to hack into my various email accounts.”
Hacking has long been a feature of the tense relationship between the United States and Iran, whose militant brand of Shia Islam has challenged American interests in the Middle East since 1979.
It was against Iran that US and Israeli spies are said to have deployed the pioneering, centrifuge-rattling computer worm dubbed Stuxnet in a bid to sabotage the country’s uranium enrichment capabilities.
Iranian hackers in turn are blamed for denial of service assaults on American banks and computer-wrecking cyberattacks in Saudi Arabia, Iran’s regional archrival.
The Charming Kitten campaign uncovered by Certfa is far less sophisticated, generally relying on a password-stealing technique called phishing.