Iranian ‘Newscaster’ cyber spies snooped on US and Israeli officials


Iran-based hackers used fake personas on Facebook, Twitter, LinkedIn, Google+, YouTube and Blogger to mount a far-reaching cyber espionage campaign targeting US and Israeli officials.

Security firm iSight Partners tracked the campaign to a group of Iranian hackers which it claims has ensnared as many as 2,000 victims across the globe in an operation dubbed ‘Newscaster’.

“This campaign, working undetected since 2011, targets senior US military and diplomatic personnel, congressional personnel, Washington DC area journalists, US think tanks, defence contractors in the US and Israel, as well as others who are vocal supporters of Israel to covertly obtain log-in credentials to the email systems of their victims,” read the report.

The attacks targeted people with requests from fake online personas claiming to work in journalism, government and defence contracting.

“These credible personas connected, linked, followed and ‘friended’ target victims, giving them access to information on location, activities and relationships from updates and other common content,” explained iSight.

“Accounts were then targeted with ‘spear-phishing’ messages. Links which appeared to be legitimate asked recipients to log-in to false pages, thus capturing credential information.”

The security firm said it is currently unclear what data was taken during the attacks.

“We are unable to say with complete visibility. However, it is reasonable to assume that a vast amount of social content was compromised in addition to some number of log-in credentials that can be used to access additional systems and information,” read the report.

“As users often maintain the same credentials for multiple sites, it is impossible to determine the scope, scale and duration of data loss.”

Targeted attacks are a growing problem facing governments and businesses. Security firm FireEye reported that the 90 Advanced Persistent Threat families currently active infected over 250 workstations with malware every day in April.

29 May 2014 | 1:17 pm – Source:

Leave a Reply

Your email address will not be published.