Microsoft alleges attacks on French magazine came from Iranian-backed group
Microsoft alleges attacks on French magazine came from Iranian-backed group

Microsoft mentioned on Friday that an Iranian nation-state group already sanctioned by the US authorities was behind an assault final month that focused the satirical French journal Charlie Hebdo and 1000’s of its readers.

The assault got here to gentle on January 4, when a beforehand unknown group calling itself Holy Souls took to the Web to say it had obtained a Charlie Hebdo database that contained private info for 230,000 of its prospects. The publish mentioned the database was out there on the market on the value of 20 BTC, or roughly $340,000 on the time. The group additionally launched a pattern of the info that included the complete names, phone numbers, and residential and electronic mail addresses of people that had subscribed to, or bought merchandise from, the publication. French media confirmed the veracity of the leaked knowledge.

The discharge of the pattern put the shoppers liable to on-line concentrating on or bodily violence by extremist teams, which have retaliated in opposition to Charlie Hebdo in recent times for its satirical therapy of issues pertaining to the Muslim faith and Islamic nations akin to Iran. The retaliation included the 2015 taking pictures by two French Muslim terrorists and brothers at Charlie Hebdo workplaces that killed 12 and injured 11 others. To additional gin up consideration to the breached knowledge, a flurry of pretend personas—one falsely claiming to be a Charlie Hebdo editor—took to social media to debate and publicize the leak.

Twitter post purporting to come from impersonating a Charlie Hebdo editor.
Enlarge / Twitter publish purporting to come back from impersonating a Charlie Hebdo editor.


On Friday, Clint Watts, the overall supervisor of Microsoft’s Digital Menace Evaluation Heart, wrote:

We consider this assault is a response by the Iranian authorities to a cartoon contest performed by Charlie Hebdo. One month earlier than Holy Souls performed its assault, the journal introduced it will be holding a global competitors for cartoons “ridiculing” Iranian Supreme Chief Ali Khamenei. The problem that includes the successful cartoons was to be printed in early January, timed to coincide with the eighth anniversary of an assault by two al-Qa’ida within the Arabian Peninsula (AQAP)-inspired assailants on the journal’s workplaces.

The ways, strategies, and procedures of the affect marketing campaign led Microsoft researchers to conclude it was the work of Emennet Pasargad, an Iranian group that has lengthy been monitored and focused by the US authorities. The FBI said in January 2022 that Emennet Pasargad was behind “a multi-faceted marketing campaign to intervene within the 2020 US presidential election.”

Contributors within the operation obtained confidential US voter info from not less than one state election web site, despatched threatening emails designed to intimidate voters, and printed a video airing disinformation regarding non-existent voting vulnerabilities. The group additionally claimed affiliation with the neo-fascist group Proud Boys to additional intimidate voters.

Final October, the FBI said that Emennet Pasargad focused teams in Israel with “cyber-enabled info operations that included an preliminary intrusion, theft, and subsequent leak of information, adopted by amplification by social media and on-line boards, and in some circumstances the deployment of harmful encryption malware.”

The US Treasury in 2021 placed sanctions on Emennet Pasargad and 6 Iranian nationals who’re members, citing their makes an attempt “to sow discord and undermine voters’ religion within the US electoral course of.”

Friday’s publish mentioned Microsoft had “excessive confidence” that the group, which the corporate refers to as Neptunium, was behind the Charlie Hebdo affect marketing campaign. The evaluation was primarily based on components together with:

  • A hacktivist persona claiming credit score for the cyberattack
  • Claims of a profitable web site defacement
  • Leaking of personal knowledge on-line
  • The usage of inauthentic social media “sockpuppet” personas—social media accounts utilizing fictitious or stolen identities to obfuscate the account’s actual proprietor for the aim of deception—claiming to be from the nation that the hack focused to advertise the cyberattack utilizing language with errors apparent to native audio system
  • Impersonation of authoritative sources
  • Contacting information meida organizations
Attribution matrix Microsoft used to arrive at its assessment.
Enlarge / Attribution matrix Microsoft used to reach at its evaluation.


Microsoft mentioned the January marketing campaign used French-language sockpuppet social media accounts, many with low follower counts, to amplify the leak and “distribute antagonistic messaging.” The accounts additionally posted criticisms of the cartoon competitors aimed toward Khamenei.

“Crucially, earlier than there had been any substantial reporting on the purported cyberattack, these accounts posted similar screenshots of a defaced web site that included the French-language message: ‘Charlie Hebdo a été piraté’ (‘Charlie Hebdo was hacked’),” Watts wrote.

Shortly after that, not less than two social media accounts—one purporting to belong to a tech government and the opposite to a Charlie Hebdo editor—posted screenshots of the leaked buyer knowledge.

The marketing campaign Microsoft has documented is the newest reminder that social media is usually manipulated by particular curiosity teams—some with deep pockets. Individuals would do effectively to recollect this manipulation and watch out to confirm claims earlier than spreading them additional.

By admin