An Iran-linked, government-backed hacker group is said to be responsible for a recent cyber operation against French satirical magazine Charlie Hebdo in which attackers stole and leaked customers' private data.
The attack took place in early January 2023 after Charlie Hebdo published a series of cartoons that negatively depicted Iran's Supreme Leader Ayatollah Khamenei. The caricatures were part of a media campaign intended to support anti-government protests in the Islamic nation.
A previously unknown online group calling itself “Holy Souls,” which Microsoft tracks as “Neptunium,” claimed responsibility for the hack and said it obtained the personal information of more than 200,000 Charlie Hebdo subscribers. As proof, the group released a sample of the allegedly stolen data that included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication.
According to Microsoft, the Holy Souls cyber operation used several techniques previously observed in attacks by Iranian state-sponsored hackers, such as a hacktivist persona claiming credit for the cyberattack, claims of a successful website defacement, leaking of private data online, the use of social media accounts with fake or stolen identities to amplify the operation, impersonation of authoritative sources, and contacting news media outlets.
According to the FBI, one goal of Iranian influence operations is to “undermine public confidence in the security of the victim’s network and data, as well as embarrass victim companies and targeted countries.”
“While the attribution we’re making today is based on a larger set of intelligence available to Microsoft’s DTAC team, the pattern seen here is typical of Iranian state-sponsored operations. These patterns have also been identified by the FBI’s October 2022 Private Industry Notification (PIN) as being used by Iran-linked actors to run cyber-enabled influence operations,” Microsoft said.