Tuesday, July 16, 2024

Iran regime cyberspy group hit in coordinated European raids


European authorities have acted to take down a cyber espionage campaign believed to be linked to the Iranian regime’s Revolutionary Guards (IRGC), the first operation of its kind since Tehran signed a nuclear treaty, according to security researchers.

The group, dubbed “Rocket Kitten” by security experts who have been hunting it since early 2014, has mounted cyberattacks on high-profile political and military figures globally since that time, according to researchers from several cyber security firms who have monitored its activities.

The action could hamper Tehran’s efforts to gather sensitive intelligence from rivals including Saudi Arabia, Israel, Turkey and the United States, as well as ally Venezuela, all of which were among the nations targeted, Reuters reported on Monday.

Researchers from U.S.-Israeli security firm Check Point Software said the 1,600 high-profile targets include members of the Saudi royal family, Israeli nuclear scientists, NATO officials, Iranian dissidents and even the wives of high-ranking generals from unnamed countries.

“We have discovered the inner workings of a cyber espionage campaign,” Shahar Tal, research group manager for Check Point Software, told Reuters in an interview.

“It is extremely rare to obtain a comprehensive check-list of a nation’s military intelligence interest,” Tal said of the list of espionage targets discovered in the databases of the Iranian regime hacker group.

The company said it had informed national computer security response teams in Britain, Germany and the Netherlands, who in turn alerted police in those countries to the locations of “command and control” servers used to mount attacks controlled from Iran.

Europol and the FBI said they could not immediately comment.

According to Reuters, which obtained an advance copy of a report by Check Point, the report details how its experts burrowed inside the hacker group’s database, giving them a map of malicious software tools and remote-controlled computers used by the group.

In coordinated actions, “command and control” computer links hosted unknowingly by five commercial data hosting and satellite communications operators in Europe have now largely been shut down, Tal said, crippling the hackers’ capacity, at least for some months, to launch fresh attacks.

Computers in Europe were used by Rocket Kitten hackers in Tehran to stage remote attacks on targets in Saudi Arabia, other countries neighboring Iran, Israel, Europe, the United States, Venezuela and Iran itself, according to Check Point researchers.

“We believe these attacks are very similar to the ones previously attributed to the Iranian Revolutionary Guard Corps,” Tal said of links between the two groups.