US CISA and Microsoft Warn on Iranian Groups’ Increased Cyber Capabilities

When it comes to noteworthy cybersecurity headlines, Iran has made quite a stir lately. Alongside Russia, China, and North Korea, Iranian state-linked hacking groups have climbed to the top of the list of most threatening actors.

Their specialities are meddling with US elections, leaking patient data and, above all, planting backdoors to steal intellectual property.

Because they have succeeded with many phishing attacks and other online frauds, anyone can be a potential victim of their schemes.

Let’s look at Iranian attack strategies and at some practical tips for avoiding their tricks.

Iran’s History with Cyber-Attacks

In terms of internet control, Iran can safely be called an authoritarian regime. The country has seen frequent internet shutdowns in response to social protests, and it currently blocks about half of the world’s 500 most-visited websites, including social media and entertainment sites such as YouTube.

Still, Iran has managed to build strong cyber capabilities, so much so that the US CISA (Cybersecurity and Infrastructure Security Agency) has issued an official warning about Iran’s potential for carrying out highly damaging attacks.

Ever since the Stuxnet attack in 2010, Iranian groups have run cyber-espionage campaigns targeting countries such as the US, Israel, Saudi Arabia, and the UAE. Stuxnet was a computer worm that sabotaged the centrifuges at Iran’s nuclear enrichment facility; the malware is widely reported to have been developed by Israel and the US.

The Iranian groups’ aim was, and still is, to uncover political and military intelligence and to steal intellectual property.

Below are some of the most recent attacks linked to Iranian groups that have been in the spotlight.


Google’s Warning on APT35 Group Aka Charming Kitten

After years of observing and analysing its patterns, Google’s TAG (Threat Analysis Group) concluded that the APT35 group is linked to the Iranian government. APT35, also known as Charming Kitten, has run several kinds of attacks, including phishing emails targeting Gmail users and attempts to slip spyware apps into the Google Play Store.

The group’s well-engineered attacks compromised government agencies and private companies. One of its more sophisticated tricks was a phishing page that asked victims for their 2FA (two-factor authentication) code in addition to their account password, so that the freshly captured one-time code could be used together with the stolen password.

Telegram was also part of APT35’s toolkit: the group used a bot built on the Telegram API to get notified whenever someone visited one of its phishing sites. Telegram removed the bot after Google reported it.
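The trick of asking for the second-factor code works because a one-time code is accepted for a short window regardless of who submits it. The following Python example is added here for illustration; it is not taken from Google’s report or from the group’s own tooling. It implements RFC 6238 TOTP on top of RFC 4226 HOTP and models the phishing flow: the victim types the code into the fake page, and the attacker replays it to the real service a few seconds later. The secret is the RFC 6238 reference test secret, not a real account secret, and the one-step clock tolerance the verifier allows is an assumed but common server setting.

```python
import base64
import hmac
import struct
from hashlib import sha1

# RFC 6238 reference test secret ("12345678901234567890" in base32); not a real account secret.
RFC6238_TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
STEP_SECONDS = 30


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: float, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step). This is what the authenticator app shows."""
    return hotp(base64.b32decode(secret_b32), int(unix_time // step))


def verify_totp(secret_b32: str, code: str, unix_time: float,
                step: int = STEP_SECONDS, skew: int = 1) -> bool:
    """Server-side check. Accepting one step either side (skew=1) is an assumed but common
    tolerance for clock drift; it also widens the window in which a phished code stays valid."""
    secret = base64.b32decode(secret_b32)
    counter = int(unix_time // step)
    return any(hmac.compare_digest(hotp(secret, counter + d), code)
               for d in range(-skew, skew + 1))


def relayed_code_accepted(secret_b32: str, phished_at: float, relay_delay: float) -> bool:
    """Model of the phishing flow: the victim enters the code on the fake page at `phished_at`;
    the attacker submits that same code to the real service `relay_delay` seconds later.
    Returns True if the real service still accepts it."""
    code = totp(secret_b32, phished_at)  # what the victim read off their authenticator
    return verify_totp(secret_b32, code, phished_at + relay_delay)


if __name__ == "__main__":
    s = RFC6238_TEST_SECRET_B32
    print("code at T=59:", totp(s, 59))  # RFC 6238 test vector: 287082
    print("relayed after 20 s, accepted:", relayed_code_accepted(s, 59, 20))
    print("relayed after 120 s, accepted:", relayed_code_accepted(s, 59, 120))
```

With the usual one-step tolerance a phished code remains valid for up to 30 to 60 seconds after the victim reads it, which is plenty for an automated relay; only a long delay makes the replay fail. A FIDO2/WebAuthn security key does not have this weakness, because its response is bound to the site’s origin, so a response collected on a lookalike domain is rejected by the real one.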

BlackShadow Revenge Attacks on Israel

BlackShadow, a hacking crew linked to Iran, leaked personal information, appointment details and test results of around 290,000 patients of Israel’s Machon Mor medical institute. Researchers presumed the leak was retaliation: a few days earlier BlackShadow had hit an Israeli dating website with a ransomware attack, and the site refused to pay the demanded $1 million ransom in cryptocurrency to get its users’ private data back.

BlackShadow has also attacked the network of CyberServe, an Israeli web hosting company, several times. Those attacks were likewise read as retaliation for the major disruption of Iran’s gas distribution system in an attack on October 26, which Iran blamed on the US and Israel.

Two Iranians Charged for Influencing American Voters in 2020

The US has charged two members of an Iranian group with trying to confuse American voters during the 2020 presidential election. The perpetrators downloaded confidential voter data on some 100,000 American voters and then broke into a US media outlet’s network. They sent threatening emails intimidating Democratic voters into voting for then-President Donald Trump. Their messages also claimed that Democrats were planning to manipulate mail-in ballots to improve their election chances.

Boost Your Cybersecurity Protection

There are a few things you can do to keep as far as possible from Iranian-style threats.

Dodge phishing emails

Phishing emails are the typical lure that cybercriminals use to persuade you into revealing personal or confidential information.

Check every email carefully and look for details that don’t seem right: a sender address or link domain that differs from the one displayed, a Reply-To address that goes somewhere else, or an urgent demand to “verify” an account. Don’t click links or download attachments from unknown senders! Phishing victims end up downloading malicious code that compromises their systems and gives attackers access to their files.
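As an added example (not code from the original article), the following Python script automates the checks just described on a constructed sample message: it compares the Reply-To domain with the From domain, extracts the links from the HTML body, and flags link text whose domain differs from the real href, plain-http links, and hosts that mimic a trusted brand with digit-for-letter substitutions. The brand allowlist and the homoglyph table are assumptions for illustration, and both sample messages are made up.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages for demonstration; neither is a real e-mail.
PHISH_EML = """\
From: Google Security <no-reply@accounts.google.com>
Reply-To: support@g00gle-login.com
To: victim@example.com
Subject: Unusual sign-in, verify now
Content-Type: text/html; charset=utf-8

<html><body>
<p>We noticed a new sign-in. Verify your account:</p>
<a href="http://accounts.g00gle-login.com/verify?u=victim">https://accounts.google.com/signin</a>
</body></html>
"""

CLEAN_EML = """\
From: Google Security <no-reply@accounts.google.com>
To: victim@example.com
Subject: Security alert
Content-Type: text/html; charset=utf-8

<html><body><a href="https://accounts.google.com/signin">https://accounts.google.com/signin</a></body></html>
"""

# Assumed allowlist: brands the recipient expects mail from and the domains that legitimately host them.
TRUSTED_BRANDS = {"google": ("google.com",), "microsoft": ("microsoft.com", "live.com")}

# Digit-for-letter substitutions commonly used in lookalike domains (g00gle, paypa1, ...).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(s: str) -> str:
    """Last two labels of the host in a URL or e-mail address, lower-cased.
    URLs go through urlparse so 'http://google.com@evil.com/' resolves to evil.com, not google.com."""
    host = (urlparse(s).hostname or "") if "://" in s else s.rsplit("@", 1)[-1]
    return ".".join(host.lower().split(".")[-2:])


def analyse(raw_eml: str) -> list:
    """Return a list of human-readable findings; an empty list means nothing suspicious was spotted."""
    msg = email.message_from_string(raw_eml, policy=policy.default)
    findings = []
    from_dom = registrable_domain(parseaddr(msg["From"])[1])
    if msg["Reply-To"]:
        reply_dom = registrable_domain(parseaddr(msg["Reply-To"])[1])
        if reply_dom != from_dom:
            findings.append(f"reply-to domain {reply_dom} differs from sender domain {from_dom}")
    body = msg.get_body(preferencelist=("html",))
    parser = _Anchors()
    parser.feed(body.get_content() if body else "")
    for href, text in parser.links:
        href_dom = registrable_domain(href)
        if urlparse(href).scheme == "http":
            findings.append(f"plain-http link to {href_dom}")
        if "://" in text and registrable_domain(text) != href_dom:
            findings.append(f"link text shows {registrable_domain(text)} but points to {href_dom}")
        for brand, legit in TRUSTED_BRANDS.items():
            if href_dom not in legit and brand in href_dom.translate(HOMOGLYPHS):
                findings.append(f"{href_dom} looks like {brand} but is not a known {brand} domain")
    return findings


if __name__ == "__main__":
    for name, eml in (("phish", PHISH_EML), ("clean", CLEAN_EML)):
        print(name, analyse(eml) or "no findings")
```

The script is deliberately heuristic: a message with no findings is not proven safe, and an attacker who registers a domain with no digit substitutions slips past the lookalike check. It is the mechanical half of the advice above; the human half is still to ask why a service you did not contact wants you to log in right now.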

Create strong passwords

Never recycle passwords; choose a strong, unique password for each of your accounts. Basic password hygiene greatly improves your digital privacy, and it doesn’t have to be a chore if you use a password manager.

Whenever possible, use two-factor authentication in addition to your password. Bear in mind that one-time codes sent by SMS or generated by an app can still be phished, as the APT35 case above shows, so prefer phishing-resistant methods such as a hardware security key where the service offers them.

Use a VPN

A VPN encrypts the traffic between your device and the VPN server (typically with AES-256), hiding it from snoopers on the local network and hiding your IP address from the sites you visit, which improves your online privacy a great deal. A VPN does not stop phishing, though: a phishing page loads just as well over a VPN, so it complements rather than replaces the advice above. Additionally, a reputable antivirus built to detect the latest threats, including malware and zero-day attacks, adds another layer of protection.


Have you ever been the victim of a cyber-attack that was later uncovered to be linked to Iranian groups?

Let me know in the comments section below.
