Iranian Threat Actor Neptunium Associated With Charlie Hebdo Cyber-Attacks

The Iranian threat actor called Neptunium by Microsoft has been associated by the tech giant with a recent hacking operation targeting the satirical French magazine Charlie Hebdo.

Microsoft's Digital Threat Analysis Center (DTAC) shared the findings last Friday in a blog post, adding that Neptunium is likely the same group that has been identified by the US Department of Justice (DoJ) as "Emennet Pasargad" in the past.

"In early January, a previously unheard-of online group calling itself 'Holy Souls,' which we can now identify as Neptunium, claimed that it had obtained the personal information of more than 200,000 Charlie Hebdo customers after 'gain[ing] access to a database,'" reads the blog post.

"This information, obtained by the Iranian actor, could put the magazine's subscribers at risk of online or physical targeting by extremist organizations."

According to the security experts, the attack was conducted in retaliation for a cartoon contest by Charlie Hebdo aimed at "ridiculing" Iranian Supreme Leader Ali Khamenei.

Microsoft said Neptunium advertised the trove of stolen data on YouTube and several dark web forums for 20 Bitcoin (roughly $340,000 at the time).

"There are several elements of the attack that resemble previous attacks conducted by Iranian nation-state actors," reads the Microsoft post by DTAC general manager Clint Watts.

These include a hacktivist persona claiming credit for the cyber-attack, claims of successful website defacement, the leaking of private data online, inauthentic social media "sockpuppet" personas, the impersonation of authoritative sources and contact with news media organizations.

Writing in an advisory last year, the US DoJ confirmed Microsoft's new claims, saying Emennet poses a broader cybersecurity threat outside of information operations.

"Since 2018, Emennet has conducted traditional cyber exploitation activity targeting several sectors, including news, shipping, travel (hotels and airlines), oil and petrochemical, financial, and telecommunications, in the United States, Europe, and the Middle East."

Both the Microsoft and DoJ advisories include recommendations to help system administrators protect networks from Neptunium's attacks.

The news comes days after Iranian threat actor Cobalt Sapling was spotted targeting Saudi Arabia with a new persona called "Abraham's Ax."
