Iranian Cyber Groups Spying on Dissidents & Others of Interest to Government
Two cyber threat groups have been identified and determined to be working for the Iranian government. One of the groups is called Infy and has been operating since at least 2007. Infy has been accused of perpetrating attacks against Persian language media, diplomatic targets, and Iranian dissidents in multiple countries such as the US and Canada. According to researchers at Check Point Security, an investigation determined that the Iranian government is still spying on the mobile phones and devices of dissidents and other individuals of interest to the regime.
Infy has been installing surveillance malware on targeted PCs, seeking to collect a massive trove of information on them. This includes data such as contact information, voice recordings, image captures, and other sensitive information. Infy allegedly paused its operations between 2016 and 2017 after Palo Alto Networks researchers were able to take down the group’s infrastructure. However, less than a year later, in August 2017, Infy was spotted distributing data-stealing malware called Foudre through phishing attempts.