Iran’s cyber spies use simple ‘hacks’

TEL AVIV: A cyber spying group with links to Iran and active for the past four years is targeting countries including Israel, Saudi Arabia, Germany and the United States, security researchers said on Tuesday.

A new report by Tokyo-based Trend Micro and ClearSky of Israel detailed incidents as recently as April of this year involving a group known as “CopyKittens". The group targets its victims using relatively simple techniques like creating fake Facebook pages, corrupting websites or Microsoft Word attachments with a malicious code, according to the report.

It was seen impersonating popular media brands like Twitter, Youtube, the BBC and security firms such as Microsoft, Intel and even Trend Micro. “CopyKittens is very persistent, despite lacking technological sophistication and operational discipline," the researchers said in a statement.

“These characteristics, however, cause it to be relatively noisy, making it easy to find, monitor and apply counter measures relatively quickly," they said. Iranian officials were not available for comment. The report itself does not link the group to Iran.

As a matter of company policy, Trend Micro research into state-backed attacks focuses on technical evidence and forgoes political analysis. However Clearsky researchers told Reuters that CopyKittens was “Iranian government infrastructure," adding that the use of “kitten” in the industry indicates Iranian hackers, just as “panda” or “bear” refer to Chinese and Russians, respectively.

CopyKittens is distinct from another Iran-based cyber spy group dubbed Rocket Kitten, which since 2014 has mounted cyberattacks on high-profile political and military figures in countries near Iran as well as the United States and Venezuela.