New blow to Iranian intelligence. Iran’s secret intelligence and cybersecurity services, one of the most sophisticated in the world, has been caught falsely recruiting human resources personnel to lure officials from countries Tehran considers hostile.
Through a bogus recruitment business, APT24, also known as Charming Kitten, controlled by the Iranian Revolutionary Guard, has sought military personnel from Syria, Iran and Lebanon who are willing to reveal state secrets to hostile countries, mainly Israel and other Western governments.
The recruitment mechanism was based on a network of fake social media profiles and fake company websites posing as Israeli companies. These included IP Human Solutions, also known as VIP Recruitment, Optima HR and Kandovan HR, among others. According to Mandiant, the Iranians posed as Israelis in order to find out who would be willing to sell sensitive Iranian intelligence information.
Some of the messages disseminated were: ‘Join us to help each other influence the world. Our duty is to protect your privacy’, or ‘VIP Recruitment is a respected recruitment centre for military personnel for the army, security services and intelligence services in Syria and Hezbollah, Lebanon’.
As reported by Christopher Bing, a writer for Reuters, the Charming Kitten group used dozens of fake online profiles on Telegram, Twitter, YouTube and the Virasty social media platform, the most popular within Iranian territory, to promote the ‘front companies’.
The documents published by Mandiant claim that data collected over the past few months on APT24 could help Iranian intelligence to locate military or government officials interested in collaborating with Iran’s enemies.
‘The data collected can be used to uncover human intelligence (HUMINT) operations conducted against Iran and to pursue any Iranians suspected of involvement in such operations,’ the statement said. The company indicated that the number of victims is unknown and that any data collected on addresses, contact details, etc. could be used if necessary.
According to Bing and investigations by Alphabet division company Mandiant, this group had already been interfered with by the FBI removing many of the fake accounts they use for interfering in the US election process.
In both the 2020 and 2024 elections, this group belonging to the Tehran-based Iranian Revolutionary Guard, which is military in nature, is under investigation for possible attacks on election software. According to the FBI, the mission dates back to at least 2017.
Iran’s intentions to destabilise US politics again have backfired. While they are not the only ones trying to sabotage US security systems, they are not the only ones to be caught either.
Source » reuters