In the beginning January 5 watches popular anonymous Iranian opposition account called. Jupiter He announced on Twitter that his friends had killed Abolqasem Salavati, an abusive judge nicknamed “Judge of Death”. The tweet went viral, and thousands of happy people took to the account’s Twitter space to thank him for killing the man who had sentenced hundreds of political prisoners to death.
Soon, however, a few attendees expressed doubts about the veracity of the claim. “Tonight is for a feast!” said the host. When he insisted, they were cursed and kicked out of the room. Repeatedly encouraging viewers to let Space go viral. The next day, activists on the ground and Iranian media confirmed that Salavati was indeed alive. Many experts suspect that Jupiter is a cyber operation by the Islamic Republic of Iran aimed at distracting people, and the Iranian government executed two dissidents overnight on Twitter.
Within its borders, the Iranian regime controls its population with one of the world’s toughest internet filtering systems, physical assaults and mass incarceration. However, the IRI is vulnerable beyond physical and virtual borders as the regime struggles to control discourse and silence dissent. The IRI’s cyber army deploys multifaceted, cunning, and sometimes corrupt tactics to combat Western opposition narratives and VPN-armed domestic activists online. In Iran’s ongoing political turmoil, old cyber tactics are gaining ground, while new tactics aimed at distracting, humiliating, distorting and sowing distrust have emerged at a time when the regime is at its most critical.
Desperate times, desperate measures
Among the tactics used by IRI’s cyber agents—colloquially known as cybernetic—is old-school hacking. Iran-linked Charming Kitten gained notoriety in 2020 for its spear-phishing experiments on journalists, academics and policymakers in the West. The group is recognized for its signature technique of posing as reporters or researchers and posing as interest in their target’s work, framing interview questions with a spear-phishing link. According to recent reports from the UK government’s National Cyber Security Center and security agency Mandiant, cyber groups TA453 and APT42, linked to Iran’s Revolutionary Guard Corps, are on the rise. Last month, popular anti-government label RKOT He said he deserved it. He had received a journalistic request from an individual claiming to be a journalist to the IRGC unit in Shiraz. New York Times.
Amin Sabeti, founder of CERTFA’s cybersecurity group, which specializes in exposing state-sponsored Iranian cyber activities, said these operations have changed their tactics in the past few months, as many of the targets of interest have realized the risks and learned to protect themselves. From spear-fishing. Instead, Sabeti says, they now use a domino effect strategy of targeting low-profile targets, building trust and recruiting high-profile targets in their networks. Earlier this month, for example, Iranian-Canadian human rights activist Nazanin Afshin Jam he said. When she received a phishing link from a trusted colleague who had been kidnapped.
“Nowadays, in light of this revolution, especially nonprofits follow whatever interests them,” Sabetti says.
In particular, some of these state actors establish credibility and trust by positioning themselves as anti-government voices and supporters of protest movements, or by establishing relationships with targets. An account under the name Sarah Shokuhi was created in October 2022 and claimed to be a Middle Eastern scholar. The account spent months encouraging and documenting the voices of the opposition Heartfelt thanks Finally for the opposition It’s coming out. State-sponsored phishing by Iranian experts.
