Connect with us

Hi, what are you looking for?



Iran-Linked Influence Campaign Targets US, Others

Threat actors apparently working out of Iran have been conducting an operation whose goal is to influence the opinions of people in the United States and other countries around the world, FireEye reported on Tuesday.

Threat actors apparently working out of Iran have been conducting an operation whose goal is to influence the opinions of people in the United States and other countries around the world, FireEye reported on Tuesday.

This campaign, which the cybersecurity firm describes as an “influence operation,” involves a network of “inauthentic” news websites and clusters of social media accounts whose apparent purpose is to “promote political narratives in line with Iranian interests.”

The sites that FireEye calls “inauthentic” make an effort to hide their origins and affiliations, and rely on fake social media personas to promote content. This content is either original, copied from other sources, or taken from other sources and modified.Iran runs influence operation

The campaign, which has been active since at least 2017, focuses on anti-Israel, anti-Saudi, and pro-Palestine topics. The threat actor behind the operation has also distributed stories regarding U.S. policies that are favorable to Iran, including the Joint Comprehensive Plan of Action nuclear deal.

In addition to the United States, the group’s targets include the United Kingdom, Latin America and the Middle East.

FireEye researchers have found several pieces of evidence suggesting that Iran is behind the operation. This includes domains registered with email addresses associated with Iranian organizations, Twitter accounts registered with phone numbers with Iran’s +98 country code, and online personas promoting Iranian holidays.

However, the company says it’s only “moderately confident” that Iran is behind the activity, mainly due to the fact that this is an influence operation, which are meant to be deceptive.

The cybersecurity firm noted that the Iran-linked threat actor tracked as APT35, NewsBeef, Newscaster and Charming Kitten has also leveraged these types of inauthentic news sites and social media personas in its cyber espionage operations, but there is no evidence that this influence campaign has been conducted by APT35.

Advertisement. Scroll to continue reading.

“The activity we have uncovered is significant and demonstrates that actors beyond Russia continue to engage in online, social media-driven influence operations as a means of shaping political discourse,” said Lee Foster, Manager of Information Operations Analysis at FireEye. “It also illustrates how the threat posed by such influence operations continues to evolve, and how similar influence tactics can be deployed irrespective of the particular political or ideological goals being pursued.”

FireEye is preparing a report containing technical details on the operation. The report will be shared on request.

Related: US Braces for Possible Cyberattacks After Iran Sanctions

Related: Iran-linked Hackers Adopt New Data Exfiltration Methods

Related: Iran-Linked ‘Leafminer’ Espionage Campaign Targets Middle East

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Malware & Threats

Threat actors are increasingly abusing Microsoft OneNote documents to deliver malware in both targeted and spray-and-pray campaigns.


The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...