Iran cyber offensives abroad distract attention from worsening homefront

by WorldTribune Staff, July 30, 2019

Iran’s leadership has deployed an army of hackers to launch cyber attacks and spread false news abroad as a distraction from an economy in shambles and an increasingly angry citizenry which seeks to break free from the shackles of mullah rule and re-join the international community, analysts say.

While stepping up attacks on U.S. government sites, the Islamic Republic’s cyber operatives are also engaged in spreading false reports on a top Iranian dissident.

A Maryam Rajavi poster hangs from an overpass in a major expressway in Teheran. After stealing the identity of a French diplomat in Jerusalem, Iranian hackers had him tweet that Rajavi, head of the biggest Iranian dissident group, had visited Israel to set anti-Iran strategy.

“Overall, Iran practices two-front cyberwarfare — hacking and trolling — just like U.S. adversaries Russia and China,” security correspondent Rowan Scarborough wrote in a July 28 report for The Washington Times. “In recent months, Teheran has stepped up attacks on U.S. computer networks to steal information and disable networks, officials say.”

The cybersecurity firm CrowdStrike has warned that Iran-linked hackers rely on traditional phishing operations to coax computer users into opening a malware attachment.

In June, the U.S. Department of Homeland Security issued a special statement aimed at Iran. The warning came from Christopher C. Krebs, director of the department’s Cybersecurity and Infrastructure Security Agency.

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies,” Krebs said.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear-phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

Meanwhile, Iranian hackers stole the identity of a French diplomat in Jerusalem and, using the stolen identity, tweeted that Maryam Rajavi, head of the National Council of Resistance of Iran (NCRI), the largest Iranian dissident group, had visited Israel to set anti-Iran strategy, Scarborough reported.

The NCRI held its annual “Free Iran” conference earlier this month in Albania, its home base. The NCRI and its affiliated People’s Mujahedeen of Iran (MEK) “are Iran’s most dangerous internal threats,” Scarborough noted.

Iran’s ruling mullahs calculated that a trending fake tweet would “divert a resistive public’s attention away from Iran’s underperforming economy while undercutting the resistance’s appeal,” Scarborough wrote.

Shahin Gobadi, an MEK spokesman, told The Washington Times: “Inside of Iran, the most senior officials of the regime keep publicly warning on the surge in the youth support for the MEK and the activities of the MEK resistance units.”

Gobadi continued: “The need of the regime to resort to such a ploy could be better realized in the context of the regime’s overall state of affairs. It is facing an explosive society, a crumbling economy and growing international isolation. In this situation, the mullahs’ only solution is resorting to stepping up suppression, more arrests, more terrorism abroad and intensifying the disinformation campaign against the resistance.”

The Iranian hackers’ false tweetstorm began on July 23, when Fars News Agency, a mouthpiece of the Islamic Revolutionary Guard Corps (IRGC), reported that Pierre Cochard, the French consul in Jerusalem, sent five tweets claiming Rajavi had visited Israel.

Within hours, Iranian operatives in Europe were retweeting the supposed Cochard posts.

Rajavi sent three quick tweets, employing one of U.S. President Donald Trump’s favorite labels.

“Lies by IRGC News Agency regarding my illusionary visit to Israel shows regime’s desperation and need for fake news against Iranian resistance,” Rajavi tweeted.

The French Foreign Ministry also issued a statement denying the tweet. It said Cochard communicates only through official consulate accounts.

The Fars story said Trump legal counsel Rudy Giuliani, an MEK supporter and conference attendee, arranged the Rajavi trip to Israel in which she supposedly discussed anti-Iran strategy.

That story was followed by the Mehr News Agency, a multilingual news site in Teheran tied to the ruling mullahs and supreme leader Ayatollah Ali Khamenei.

“According to tweets of the French consul general for Alquds (Jerusalem) Pierre Cochard, the Ring leader of the terrorist Mujahedin Khalq Organization (MKO) Maryam Rajavi has traveled to Tel Aviv to negotiate anti-Iranian measures with the Israeli regime’s PM Benjamin Netanyahu,” Mehr reported.

Michael Rubin, who monitors Iran at the American Enterprise Institute, told The Washington Times he analyzes the Cochard affair this way:

“This probably is regime propaganda. The irony is they needn’t bother. First, most Iranians despise Rajavi for very real reasons and, second, most ordinary Iranians have no animus toward Israel. Iranians just want to rejoin the rest of the world, and it’s the regime’s ideological hatred toward Israel that prevents them from doing so. Ayatollah Khomeini [the Islamic republic’s 1979 founder] hated Jews, but 40 years of regime propaganda hasn’t convinced the rest of the country that they need to follow his lead.”

Intelligence Brief __________ Replace The Media