Iran-Linked Hackers Expand Targets To African Telecom Companies

Hackers affiliated with Iran's cyber-espionage group, MuddyWater, have extended their focus to target telecommunications companies in Egypt, Sudan, and Tanzania.

As revealed by cybersecurity researchers, including Marc Elias from Symantec, this is a departure from MuddyWater's previous emphasis on entities in the Middle East and marks the group's first known operation against African organizations.
The cyber-attacks, conducted in November against unspecified telecom companies, have not shown evidence of successful information theft. However, analysts suggest that the primary objective of the campaign is likely espionage, based on MuddyWater's historical patterns. There is also speculation about the potential for disruption attacks, drawing on the tactics of Iranian hacking groups in the past.
The hackers' activities in Africa may be influenced by the ongoing Israel-Hamas conflict, with Egypt a prime target due to its proximity to Gaza and Israel.
MuddyWater's recent campaign, analyzed by Symantec, stands out for its use of a PowerShell launcher from a newly identified toolset called MuddyC2Go. Discovered in November, the toolset may have been operational since 2020, granting threat actors remote access to victim systems.
In addition to the PowerShell launcher, MuddyWater deployed other tools, including the legitimate remote device control and management software SimpleHelp. The software, once installed, operates as a system service, providing attackers continuous access and the ability to execute commands with administrator privileges.
Active since at least 2017, MuddyWater has consistently demonstrated an interest in targeting telecom organizations, aligning with broader trends observed among cyber-espionage groups.

Iran’s Supreme National Security Council ordered newspapers Tuesday night to stop writing about the recent $3.7 billion corruption case that has rattled public opinion.
Nonetheless, three Iranian newspapers ignored the censorship order and ran editorials on the biggest corruption case in several decades in their Wednesday issues. The case involved a tea company receiving billions of dollars from the government at a favorable exchange rate for imports but selling the currency in the open market for a hefty profit.
The bravest article appeared in the Jahan-e Sanat newspaper. Nader Karimi Jooni, one of the daily's editors, wrote, "In a questionable measure, the Supreme National Security Council has called on media managers not to report anything on the corruption case at the Debsh Tea Company any longer." Jooni added that it is not strange that the issue of corruption has turned into a national security issue. "Earlier, not only the press, but also members of the public had been barred from speaking about corruption."
The article was referring to Supreme Leader Ali Khamenei's statement in 2015 ordering the people and the press “to stop discussing corruption as this would be disappointing for the country's officials." Khamenei made the statement after a big embezzlement case in the government-controlled banking system.
According to Jahan-e Sanat, such orders are at times also issued by the Iranian Judiciary, and those who refuse to obey the order will end up in jail. The daily pointed out that the SNSC's order is in contrast with President Ebrahim Raisi's frequently declared policy about confronting financial corruption. The newspaper then asked how a President, who calls for confrontation with corruption, can order the press to stop talking about the biggest such case in the past 45 years.

The daily concluded that either Raisi was not honest in making the statement about confronting corruption, or he does not want the issue to be tackled for some reason. The daily further insisted that the press should call for the punishment of those who have benefitted from illegal privileges and concession they received from the government.
Another Tehran daily, Abrar, pointed out that the recent Debsh Tea company’s case is the biggest instance of financial corruption in Iran and that not only its managing director should be held accountable, but also the government institutions involved in keeping the case secret for months. Presumably the all-powerful Judiciary, the Police, the Customs Administration and the Ministry of Intelligence were all aware and responsible for that. The daily said: "It is surprising that no action has been taken in this regard and no report has been given to the nation about the case. The officials are taking it easy and simply ignore the case as if nothing has happened."
Ironically, Abrar's article about the corruption case was printed next to an article in which President Raisi is quoted as saying that government watchdogs should go easy with managers of state companies and institutions.
The third Iranian daily that discussed the corruption case was Hamdeli, which featured two reports about the corruption case. In one article, Hamdeli wrote: "While the country is facing sanctions and economic difficulties, giving such a large amount of money to a company is an example of financial corruption. But is this going to be Iran's last corruption case?"
The daily then questioned the performance of supervisory organizations such as the parliament, the Central Bank of Iran and the Customs Administration, and asked why they did not notice such a big corruption case taking place.
In another article Hamdeli noted that the tea company in question has also been involved in exporting bitumen on behalf of the government-owned oil industry. Meanwhile, other reports quoted Ahmad Osanlu, the head of the government's "Religious Punishments Organization" as having said that foreign currency continued to be allocated to Debsh even after the authorities received some 50 complaints about wrongdoings in the company.
All this comes while Alireza Panahian, an insider at Khamenei's office, has encouraged hardliners to gather wealth at any price. He further opined that the country's resources should be left in the hands of religious youths.

Another US airbase has been targeted by Iran-backed proxy forces in Iraq, taking the attacks since the Gaza war broke out on October 7 to around 100.
Assad Air Base in Iraq’s western province of Anbar was targeted by a 122mm rocket. The US Central Command (CENTCOM) announced in a post on X that the offensive took place at 7:30 a.m. (Iraq time) on Wednesday. The infrastructure and forces sustained no damage or injury, the post said.
After information shared by the international coalition forces, known as Combined Joint Task Force – Operation Inherent Resolve, Iraqi forces discovered “a flatbed truck modified to launch up to 5 x 122mm rockets,” CENTCOM added.
Since Hamas’s deadly onslaught on Israel on October 7, extremist militant groups in Yemen, Syria and Iraq, backed by Iran, have launched attacks against US and Israeli targets in the region, claiming allegiance with Iran-backed Hamas.
Earlier in the month, US Secretary of State Antony Blinken called on Iraq to fulfill its commitments to protect all bases hosting US troops.
Iraqi Prime Minister Mohammed Shia Al-Sudani has limited control over the Iranian-backed militias, whose support he needed to win power a year ago and who now form a powerful bloc in his governing coalition.
Yemen’s Houthis have also vowed to target US and Israeli interests in the Red Sea, causing the US to form a 10-nation coalition to combat the threats. In spite of this move, the Biden administration is receiving more and more criticism over its failure to deter Iran and its proxies in the Middle East.
Though the Islamic Republic has denied direct military involvement in the Israel-Hamas conflict, the regime has used its allies such as Houthis and Hezbollah to attack Israeli and American targets in the region.

A US official stated on Wednesday that Washington will persist in its close coordination with Israel to counter the full spectrum of Iranian threats amid the war in Gaza.
With Iran's proxy the Houthis directing attacks at Israel and now blocking the Red Sea trade route, Abram Paley, the Deputy Special Envoy for Iran, posted on his X account during a visit to Israel, "We will continue our close coordination to counter the full range of Iranian threats."
The US has announced it has formed a coalition of 10 nations to counter the threats from Yemen. Meanwhile, on Israel's northern border, Iran's largest proxy, Hezbollah, continues its assault on the Jewish state. Both issues are believed to have been high on the agenda in the US-Israel talks.
The Houthis claim the aggression is in defense of the war in Gaza, a show of support to the Palestinians amid the most brutal war since Iran-backed Hamas took control of the strip. It has led to renewed calls for the Houthis to be redesignated a terror group.
Since October 7, when Iran-backed Hamas invaded Israel, hundreds of thousands of Israelis have been displaced from their homes along both the Gaza and Lebanon borders. Hezbollah, reportedly armed with over 120,000 rockets with Iranian support, poses a significant threat, capable of overwhelming Israel's Iron Dome defenses and triggering a potentially devastating war for both sides.

In a letter to the US Treasury Department, 11 members of the House of Representatives warned against Iran’s illicit strategies to circumvent oil sanctions.
Iran’s actions are “compromising the safety and integrity of the international maritime industry and threatening our national security interests,” read the bipartisan letter.
Iran-backed Houthis have been attacking shipping in the Red Sea since mid-November, endangering lives and international commerce.
The representatives added that the Islamic Republic is on the verge of reaching its pre-sanctions revenues by selling 1.5 barrels per day, a number which is unprecedented over the past five years.
Buying 1.05 barrels per day, China is still the main customer of Iranian oil, the letter went on to say.
The representatives cited United Against Nuclear Iran’s recent warning that 370 foreign-flagged “ghost ships” are suspected of contributing to Tehran’s circumvention of oil bans over the past two years.
“This number is a 300-unit increase from its previous finding in November 2020,” said the letter.
The representatives also called for sanctions against the ghost ships involved in Iran’s illicit oil transfer.
Mohsen Khojasteh-Mehr, the CEO of the National Iranian Oil Company, announced on Tuesday a 60% growth in the country's oil production over the past two years in spite of global sanctions.
According to a Congressional hearing earlier in the month, Iran has quadrupled its oil revenues since President Joe Biden took office, helping the regime better fund its malign activities.
“The Biden administration has taken a consistently weak approach to enforcing the energy sanctions that would have the strongest economic impact on Russia, Iran and Venezuela,” said Rep. Blaine Luetkemeyer, chairing the hearing.

The IRGC was plotting to assassinate two Iran International television anchors in London in 2022 amid Iranian anti-government protests, UK’s ITV has revealed.
The plan was foiled because the man hired to do the job turned out to be a ‘double-agent’ working for a western intelligence agency. He would relay all information to his handler and has now shared some details with ITV.
Based on irrefutable evidence –seen and verified by ITV and multiple officials– the plot was commissioned and signed off by Mohammad Reza Ansari, the IRGC commander in charge of assassinations outside Iran.
Ansari is the ‘mastermind’ behind failed plots to assassinate former US officials Mike Pompeo and John Bolton –for which he’s been sanctioned by the US Treasury. He is based in Syria and is reported to have links with the family of the Syrian dictator Bashar al-Assad.
According to ITV, Ansari hired and directed the hitman (Ismail) through another Assad associate, Mohammad Abd al-Razek Kanafani, requiring him first to use a car bomb and then a ‘quiet’ way to kill his targets: “simply stab [them] with a kitchen knife.”
The plot was cynically codenamed the “wedding”. The targets, Sima Sabet and Fardad Farahzad, were “bride” and “groom”. They did not know about the details of the plot until told by ITV during the making of the report.
Ismail, a people-smuggler turned IRGC operative and then double-agent, was promised $200,000, a new identity and safe passage to Iran via Syria.
This seems to have become the IRGC’s preferred method recently, using criminals rather than sympathizers or members of affiliated, non-Iranian militant groups, as was the case years back.
In November 2022, Volant Media, the parent company of Iran International, said that two of its journalists had been notified of direct threats. It said in a statement the Metropolitan Police had formally notified both journalists that these threats represented an imminent, credible and significant risk to their lives and those of their families. Following the significant escalation in Iranian state-backed threats and advice from the London Metropolitan Police, Iran International TV announced in February that it reluctantly and temporarily closed its London studios and moved broadcasting to Washington DC. After months of hiatus in broadcasting from the UK, the network relaunched operations from a new London building in September.
Since its inception, the Islamic Republic of Iran has been engaged in such plots against Iranian opposition in exile. Some attempts have been more successful than others, but the regime has never ceased threatening and targeting those who dare speak against it, even those ostensibly safe in western Europe or the United States.
Many Iranian activists believe that the failure of the host states to exact a high price for such atrocities has contributed to their continuation. Those arrested, even found guilty, have often been handed back to Iran in ‘exchanges’ –that, in turn, have been made possible through hostage-taking.
The most recent example is the release of Asadollah Assadi, a former attaché at the Iranian embassy in Austria, who was convicted in Belgium for plotting to bomb a gathering of Iranian opposition in France in 2018. He went back to Iran triumphantly in a deal to bring back Belgian aid worker Olivier Vandecasteele who was taken hostage in Iran in 2022 and sentenced to 40 years in prison.
According to ITV, the hitman (Ismail) was told the two presenters had to be targeted because they were causing the Iranian regime “a lot of humiliation in the media.”
“They accuse Iran of committing any kidnap or assassination [on television] and we must finish them and make an example of them… so anyone who will take their place in the channel will learn a lesson from what happened to them,” Iranian spies told Ismail.
The Iranian regime has been attacking Iran International ever since its launch in May 2017. It’s been called a “terrorist organization” and is deemed a “public enemy.”
In September 2023, Iran’s Intelligence Minister appeared on state television to reiterate that the regime would not refrain from “invasive security measures” against Iran International to show that “no terrorist media will be safe.”
“We believe that Iran International is a terrorist network, and naturally we deem it our duty and mission to act against them wherever and whenever we deem appropriate,” he said.
The ITV report Wednesday was broadcast only a few hours after the jury of a UK court returned a guilty verdict for a suspect gathering information on Iran International's London headquarters for a possible terror attack.
Chechnya-born Magomed-Husejn Dovtaev was detained by officers from London’s Metropolitan Police Counter-Terrorism Command in February 2023. He was charged with attempting to collect information "likely to be useful to a person committing or preparing an act of terrorism."
The final verdict will be issued by the court on Friday.
“This trial was a reminder of the threats journalists and news organizations face,” Iran International said in a statement after the verdict was announced. “We will not be cowed by threats. Our journalists will continue to provide the independent, uncensored news the people of Iran deserve.”