New research highlights an expanding pool of victims of Iranian hackers

with Aaron Schaffer


Load Error

Cybersecurity researchers uncovered the identities of more than 1,000 victims of two hacking groups tied to the Iranian government. The victims include high-profile academics, activists and business leaders, and government officials in the United States and Europe, researchers at Israeli cybersecurity firm Check Point say in a pair of reports out today.

The hackers used the attacks to spy on targets’ phone calls, messages, location, photos and other sensitive data. 

The reports shine a new light on the Iranian government’s use of myriad hacking groups to conduct extensive espionage against dissidents and other perceived threats to its regime.

“To me this shows the amount of complexity, the amount of resources the Iranian regime is putting into this campaign,” says Yaniv Balmas, head of cyber research at Check Point. “And it’s a complete invasion of the privacy of citizens.” 

The two groups, referred to as  Domestic Kitten and Infy by Check Point researchers, used different methods for the same end result: espionage. Check Point has shared the victims’ information with U.S. and European law enforcement. 

The campaigns fit squarely into Iran’s cyber playbook, other researchers say. 

Hackers working on behalf of the Iranian government deploy attacks against a wide range of targets at a a constant rhythm, says Adam Meyers, senior vice president of intelligence at CrowdStrike, another firm following actors tied to Iran. In recent years, hackers have increasingly turned their attentions to the West, he says.

Researchers have tied more than a dozen separate hacking groups to the Iranian government over the last 15 years. Iran has routinely denied any involvement in the attacks. Iran’s Foreign Ministry did not return a request for comment for this story.

In addition to Iranian citizens, hackers have also increasingly gone after Western journalists, academics and researchers involved with Iran, and U.S. government employees. The attacks tend to escalate around political flash points. Iranian hackers actively targeted the Trump campaign ahead of the 2020 election.

“This [new] report is also in line with our…