Iranian hacking group steps up global cyber war

Iranian hacker group MuddyWater has expanded its operations to countries such as Azerbaijan, Portugal, Turkey, Saudi Arabia, and India, using newly developed malware.

According to a detailed report by cybersecurity firm Check Point, MuddyWater has employed the BugSleep malware, which allows the hackers to execute remote commands and transfer files between infected systems and their servers. Targets include government organizations, media outlets, and travel agencies.
International organizations, including the US Cybersecurity and Infrastructure Security Agency, have attributed MuddyWater to Iran's ministry of intelligence. MuddyWater, also known as APT34 and OilRig, has been active for several years, focusing on cyber-espionage against private and governmental organizations in the Middle East and Western countries.
Their activities are characterized by a mix of strategic intelligence gathering and disruptive cyberattacks, aiming to further Iran's geopolitical interests.
The primary and most successful delivery method for the new malware so far, which has also targeted countries such as Israel and Saudi Arabia, has been phishing emails.
Since February 2024, over 50 such emails have been distributed to hundreds of recipients, crafted to deceive recipients into clicking malicious links or downloading infected attachments.
Cybersecurity company Sekoia has also highlighted a surge in MuddyWater's activities. One of the significant findings from Sekoia's investigation is a shift in the hackers' tactics.
Instead of embedding infected links directly in the text of phishing emails, MuddyWater now places these malicious links in PDF files attached to the emails, an attempt to bypass security filters that scrutinize email contents for suspicious links.
Iran has a long history of using cyberattacks, not least on its archenemy, Israel, targeting entities like the Israel Electric Corporation.
These attacks have stepped up since the outbreak of the Gaza war. In November, just weeks after the war began, a group going by the name of “Cyber Toufan” targeted Israeli companies and organizations and dumped huge troves of data online that it claims to have stolen.
Israel's National Institute for Security Studies says Iran was one of the first countries to develop a national cyber strategy. It has developed the institutions and infrastructure to ensure its proxy war could disrupt, sabotage and even destroy civil and commercial targets, critical national infrastructure and military capabilities.

In its latest move, Iran’s “Reform Front” says it will not interfere in newly-elected President Pezeshkian’s decisions, but will instead support his administration and question decisions when necessary.
Speaking on behalf of the coalition of reformist factions in Iran, Secretary Azar Mansouri’s statement did not signify merely avoiding undue interference in the executive branch's work.
Instead, it implies a refusal to take responsibility for an administration that came into office with the reformists' support, but falls short of addressing their demands from three decades ago.
Are the reformists now abandoning their quest for influence within an administration they heavily invested in, both materially and politically, and staked their remaining political capital on? The question remains: Why did they support Pezeshkian if they now choose to remain political spectators?
Reformists and the Khatami administration
Former President Mohammad Khatami's administration (1997-2005) was the first to receive full support from the reformists.
Despite some members, such as the ministers of foreign affairs, defense, commerce, information, and education, not being reformists, they did not openly oppose reformist agendas.
Consequently, reformist parties and the “Reform Front” regarded this administration as their own and felt obligated to defend it. They continue to defend its record despite failures that have been much discussed in the past two decades.
Reformists and Rouhani's administration
None of the prominent reformist parties and figures considered former President Hassan Rouhani to be a reformist, nor did he claim to be one.
As a member of the Moderation and Development Party, Rouhani presented himself as a moderate, particularly in foreign affairs.
For this reason, reformists saw his administration as a "surrogate womb," allowing them to remain within the establishment's structure with the hope of regaining power in the future. They adopted this tactic after forces loyal to Supreme Leader Ali Khamenei sidelined them during Mahmoud Ahmadinejad's second term, leaving them little chance of taking back the presidency.
Reformists and Pezeshkian’s administration
Now, as Pezeshkian's administration is about to be formed, the question arises: What do prominent reformist parties and figures like Mohammad Khatami expect from this administration, and what were their expectations when they supported him in the election?
The Pezeshkian administration does not have the stature of Khatami’s, which was backed by a massive social movement and 23 million votes.
Nor does it match Rouhani’s, who was one of the founders of the Islamic Republic. Therefore, they do not expect the new president to be a channel for the reformists to rise to power as they did in 1997.
The two finalists for the Vice President position are Mohammad Reza Aref, who served as Khatami’s VP, and Mohammad Shariatmadari, a minister in both the Khatami and Rouhani cabinets. Both candidates are loyal to and trusted by Khamenei.
The inclusion of former Foreign Minister Javad Zarif and other so-called "reformists" and "moderates" in the transitional council responsible for introducing ministerial candidates to Pezeshkian highlights the likely composition of the new cabinet.
Several working groups have been established to compile a list of candidates for each ministry, allowing for reasonable predictions about the final selections. The future ministers, supposedly younger and without prior ministerial positions, will in all likelihood be drawn from five distinct groups:
One natural group would be officials personally chosen by Khamenei. Typically, the ministers of foreign affairs, intelligence, Islamic guidance, and the interior are chosen by Khamenei himself.
Another group would include the ministers of defense and justice, who are selected by the Islamic Revolutionary Guards (IRGC) and the Judiciary, respectively.
People from the opposite faction will be added to the cabinet so that Pezeshkian can show that his cabinet is multi-factional.
The economic ministers will be determined according to the demands of Khamenei and the IRGC’s economic empires.
The remaining few will likely be determined by individuals who identify as “reformists” or “moderates” – though, the “reformist” social base in Iran typically does not view these individuals as good representatives of their agenda.
Based on Khamenei’s recommendation, Pezeshkian’s administration will follow Raisi’s path rather than pursuing a national unity agenda.
It would appear that “reformists” do not and cannot expect the new president to do much beyond offering them minimal support to keep their movement alive.
Thus, if the first week after the elections has not disappointed some of his supporters, with his meetings with military commanders and night tours of religious mourning ceremonies, they will be in the near future when his administration is introduced to Parliament.
In an op-ed, Rouhani's political advisor called Pezeshkian’s foreign policy map "confused, without priority, dreamy, incoherent, with a lot of generalizations about everything and anything".
If the "We Regret" campaign of Rouhani's voters emerged six months after his second inauguration, it will likely arise much sooner for Pezeshkian. The composition of his cabinet is expected to reveal that no significant changes are forthcoming.
This time, the anticipated regret from the supporters of the new administration will be conveyed through silence and harsh criticism. Their regret won't be used as a tool to pressure the administration for change, unlike before, but rather to express mere hopelessness.

Iran's acting Foreign Minister has denied allegations of an Iranian plan to assassinate former US President Donald Trump just days after an assassin shot him during a campaign rally.
Recent human source intelligence obtained by US authorities indicated a potential threat from Iran against Trump. However, there is no evidence linking Thomas Matthew Crooks, who attempted to assassinate the former president on Saturday, to the alleged plot.
Ali Bagheri-Kani admitted that Iran is still seeking justice for the assassination of IRGC Commander Qasem Soleimani, killed in a drone strike in Iraq ordered by Trump in 2020, through legal channels.
"I told you explicitly that we would resort to legal and judicial procedures and frameworks at the domestic level and international level in order to bring the perpetrators and military advisers of General Soleimani’s assassination to justice," he told CNN’s Fareed Zakaria.
Iranian authorities, both political and military, have continued to issue threats against Trump and his administration to avenge the death of Soleimani, responsible for Iran's proxies across the region. For example, in February 2023, Amirali Hajizadeh, the head of the Revolutionary Guards aerospace force, directly stated that the Islamic Republic intends to kill Trump.
In January 2022, Iran's former President Ebrahim Raisi vowed revenge for Soleimani's killing unless former US President Donald Trump was put on trial.
"If Trump and (former Secretary of State Mike) Pompeo are not tried in a fair court for the criminal act of assassinating General Soleimani, Muslims will take our martyr's revenge," Raisi said in a televised speech.
Spokesperson for Iran's Foreign Ministry, Nasser Kanaani, also refuted the claims of Iran’s involvement in any recent armed attack on Trump. “Iran strongly rejects any involvement in the recent armed attack on Trump or claims about Iran's intention for such an action, considering such allegations to have malicious political motives and objectives," Kanaani stated.
The Permanent Mission of Iran to the United Nations echoed the denials.
“These accusations are unsubstantiated and malicious. From the perspective of the Islamic Republic of Iran, Trump is a criminal who must be prosecuted and punished in a court of law for ordering the assassination of General Soleimani. Iran has chosen the legal path to bring him to justice,” a spokesperson for the mission told CNN.
In 2022, the US Justice Department announced charges against an IRGC member for allegedly plotting to assassinate John Bolton, Trump's former national security adviser, likely in retaliation for Soleimani's death.
Similar threats have been made against other former Trump administration officials, including Mike Pompeo and Robert O'Brien, who have maintained security details due to ongoing risks.
Soleimani was instrumental in Iran's external military and intelligence operations involved in hostilities against US forces in the region.
Despite Iran's denials, the security concerns for those involved in the decision to kill Soleimani remain significant, with ongoing protection measures in place.

Two armed drones on Tuesday targeted Iraq's Ain al-Asad airbase, which hosts US forces and other international forces in western Iraq, two Iraqi military sources told Reuters.
It was the second attack against US forces in Iraq since early February when Iranian-backed groups in Iraq stopped their attacks against US troops. In January, the United States launched retaliatory air strikes against Iran-backed militias who were targeting its forces in Iraq and Syria. Since then, only a few incidents had been reported.
An Iraqi military official said defense systems downed one drone near the base perimeter.
In April, two drones were shot down near Ain al-Asad base, according to a US official.
No casualties have been reported, said the sources.
The latest reported attack comes after Masoud Pezeshkian, who is presented as a “moderate,” won the presidential election in Iran, raising some expectations in the West that he might restart nuclear talks. However, the United States has dismissed such suggestions, giving little credence to major changes under the new president.
The Iraqi army stepped up patrols in the areas around the base to prevent possible further attacks, said an Iraqi army official.
The attack came less than a week before an expected visit by a high-level Iraqi military delegation to Washington to continue talks on ending the US-led military coalition in the country.
Washington and Baghdad in January initiated talks to reassess the draw-down of the US-led coalition in Iraq, formed in 2014 to help fight Islamic State after the extremist Sunni Muslim militant group overran large parts of the country.
A US official, speaking on condition of anonymity, said a projectile appears to have targeted the base, but without causing casualties.

A new report commissioned by the Hague Initiative refutes the EU foreign policy chief's argument for not listing the Islamic Revolutionary Guard Corps (IRGC) on the EU's terror list.
Pieter Hoogendoorn, the author behind the new report, blasted EU foreign policy chief Josep Borrell, saying he's making 'excuses' when it comes to taking action against the IRGC.
Borrell told reporters on Jan. 23, before a meeting of foreign ministers in Brussels, that there are legal reasons why the EU can't list the organization as a terror entity.
"It is something that cannot be decided without a court, a court decision first," said Borrell, according to Reuters.
The European Parliament called on the EU to list the IRGC as a terrorist entity in January, blaming it for the harsh repression of domestic protests and the supply of drones to Russia for use in its war against Ukraine.
"Discussions on the IRGC continue among the member states. These discussions are internal and confidential therefore we cannot comment on them in public. Just to recall, the IRGC as an entity and a number of their commanders and members are already sanctioned under various EU sanctions regimes," said a Lead Spokesperson for Foreign Affairs and Security Policy at the European Commission.
The argument that the EU cannot list the IRGC as terrorists until an EU court has determined that they are is baseless, according to Hoogendoorn.
"This is false. This is misleading. The European Court of Justice has confirmed that in order to put a person, a group or an organization on the EU terror list that it has to have a competent authority starting an investigation into the matter, or to put the IRGC on the list in their country," explained Hoogendoorn.
Hoogendoorn said the “confirmation” follows from the case-law of the European Court of Justice (ECJ) in its interpretation of the so-called Common Position.
Council Common Position (CP 931) states that any person, group, or entity involved in terrorist acts can be designated “when a decision has been taken by a competent authority in respect of the person, group or entity concerned.” That decision could be instigation of an investigation or prosecution for either a terrorist act or even just an attempt to carry out such an act. It could also be merely a "condemnation" without conviction.
Despite Borrell’s statement, CP 931 also states that the listing of a terrorist organization can be based on information from non-EU member states.
That means a court decision is not a necessary condition for designation.
The report points out that the evidence of Iran attempting such acts is already public knowledge.
Criminal gangs operating at the behest of the Islamic Republic of Iran, for example, are behind a string of terror attacks on Israeli embassies in Europe since October 7, according to Israeli and Swedish intelligence agencies.
The Trump administration sanctioned the IRGC as a foreign terrorist organization in 2019. Canada followed suit in June of this year after immense pressure from the Iranian-Canadian community and family members of victims of PS752.
In early July, the EU reportedly accepted a request from Germany to consider designating IRGC as a terrorist entity. Germany is not the only European country pushing for the listing of the Revolutionary Guard.
Since Germany is one of the EU states that has already taken the lead on this initiative, there is no need for an EU court to determine the IRGC as a terror organization.
Once European member states agree to label the IRGC as terrorists, the European Council is legally obliged to implement the consequences of having them on the EU terror list.
The executive director of UN Watch, Hillel Neuer, said this latest report provides more evidence that there is no legal reason for the EU not to pursue listing the IRGC as a terror organization.
"This latest report only underscores what we have known for a long time. EU high commissioner Josep Borrell has no more excuses," said Neuer.
"The evidence is clear to anyone who has eyes and ears. The IRGC is a terrorist organization that continues to carry out terrorist attacks around the world."

US authorities have intensified security measures around former President Donald Trump after receiving intelligence reports of an Iranian plot to assassinate him, a CNN report said, although no links have been established between the plot and a recent shooting at a Trump rally.
Iran has repeatedly threatened to avenge the death of Qassem Soleimani, the commander of the Islamic Revolutionary Guard Corps (IRGC), who was killed in January 2020 on orders from then-President Trump.
CNN reported on Tuesday that recent intelligence from a human source reveals Iran was planning to assassinate Trump, leading to enhanced security measures by the Secret Service.
Despite these precautions, a shooting incident occurred at the Trump rally in Butler, Pennsylvania, where a 20-year-old man, Thomas Matthew Crooks, accessed a nearby rooftop and fired shots, injuring the former president. Authorities have told CNN that there is no known connection between Crooks and the Iranian plot.
Iran’s permanent mission to the UN immediately denied CNN's report, saying, “These accusations are unsubstantiated and malicious."
A US national security official confirmed that the Secret Service and the Trump campaign were informed of the Iranian threat prior to the rally. "Secret Service learned of the increased threat from this threat stream," the official told CNN. "The National Security Council directly contacted USSS at a senior level to be absolutely sure they continued to track the latest reporting."
Later on Tuesday, unnamed US officials told Politico that "there may be more attempts on Trump’s life in the coming weeks."
"The US intelligence community has received an increasing amount of evidence to suggest that Iran is actively working on plots to kill former President Donald Trump, potentially in the lead up to the election in November," the Politico report said.
Trump’s secretary of state Mike Pompeo was also among the targets of the Iranian assassination plot, CNN reported citing a federal law enforcement source and a source close to Pompeo.
"Tehran's terror threat against Trump is like a pilot-light: always on in the background and can be scaled up in intensity at a time of their own choosing," Behnam Ben Taleblu, a Senior Fellow at Foundation for Defense of Democracies (FDD), told Iran International.
“Domestic divisions or not, Iranian officials continue to believe that blood will only wash away blood. That's why they have not shied away from officially stating that the policy of the regime remains the killing of Trump-era national security officials whom they believe were involved in the killing of Qassem Soleimani in Iraq in January 2020," he said.
In August 2022, the US Justice Department charged an IRGC member for allegedly planning to assassinate John Bolton, the Trump administration’s national security adviser, in retaliation for Soleimani’s assassination. Bolton has been enjoying Secret Service detail since then.
Robert O’Brien, another national security adviser in the Trump administration, previously had a US government security detail due to threats from Iran, similar to Pompeo and other former Trump officials. However, that protection was withdrawn last summer, sources revealed to CNN. O’Brien is now funding his own private security, according to sources.
Iran's assassination threat against the two former national security advisers has been countered by a $12m-a-year Secret Service operation, official papers showed in February.
“Make no mistake, lapses in security can and will permit Iran-backed plots to succeed," Ben Taleblu told Iran International. "While fortunately many have been discovered or thwarted over the years, the rise in Iran-backed terror and kidnapping attempts using proxies and trans-national criminal syndicates means that Tehran believes quantity has a quality of its own and is waiting for a mistake.”
US law enforcement also protects Iranian dissidents and journalists in America due to credible threats from Iran.