A prominent European Parliament member was the victim of what is believed to be a cyber-espionage operation tied to her role as chair of the chamber’s Iran delegation, she told POLITICO.
The office of Hannah Neumann, a member of the German Greens and head of the delegation spearheading work on European Union-Iran relations, was targeted by a hacking campaign that started in January, she said. Her staff was contacted with messages, phone calls and emails by hackers impersonating a legitimate contact. They eventually managed to target a laptop with malicious software.
“It was a very sophisticated attempt using various ways to manage that someone accidentally opens a link, including putting personal pressure on them,” Neumann said.
Neumann was made aware of the ongoing ploy four weeks ago by the German domestic intelligence service, she said.
The group thought to be behind the attack is a hacking collective associated with the Iranian Revolutionary Guard, known as APT42, according to a report by the Parliament’s in-house IT service DG ITEC and seen by POLITICO. Another Iranian hacking group, called APT35 or Charming Kitten, was initially considered a culprit too. The two Iranian threat groups are closely related.
Hackers as part of these groups were behind the operation that stole internal communication of Donald Trump’s presidential election campaign last year, leaking it to media including POLITICO. The Trump campaign later confirmed it was hacked, blaming Iran.
Neumann’s office laptop was targeted by the hackers earlier this year, she said. Parliament’s IT services carried out an investigation and said in their report that no sensitive information was taken since “all attempts were blocked by EP defenses” and it had been an “incomplete infection chain.”
Neumann said the Iranian regime “tried in many different ways to make me shut up and they haven’t succeeded. By infiltrating my office they hoped to get material they could use to [compromise] me.”
Infect, collect data
Google’s Mandiant Threat Intelligence service has previously found APT42 posing as journalists and event organizers to build trust with victims through ongoing correspondence, and to deliver invitations to conferences or legitimate documents, as a way to steal credentials and use them to gain access to cloud servers.
According to DG ITEC’s report, the so-called spear-phishing attack on Neumann was an attempt to infect the laptop and collect credentials, “with the likely intent of exfiltrating sensitive information or executing further espionage actions.”
The specific fraudulent identity that was used to establish contact with Neumann’s office was that of Matthew Levitt, a former United States FBI and government official who had had several exchanges with Neumann before.
The fake Levitt email asked for the German lawmaker to speak at a conference as part of his role at the Washington Institute for Near East Policy. It attached a link to download an alleged “highly confidential and thus encrypted” note.
As chair of the Parliament delegation for relations with Iran, Neumann regularly engages with trade unions, civil society organizations, human rights lawyers and activists fighting for democracy in the country. Neumann previously sat on the Parliament’s special inquiry committee into the use of Pegasus and other spyware in Europe.
“I work on spyware. I work with a lot of diaspora communities. So on a theoretical level I am always ready for something like this to happen. I check my phone regularly,” she said.
The attacks were “another way to further intimidate me and show me how powerful they are,” she said. “It was clearly a message coming from the [Iranian] Revolutionary Guards to make me shut up, which they have tried in different ways before. The right answer is to speak up … I have a duty to speak up,” she said.
Parliament spokesperson Delphine Colard said in a statement that the chamber’s services “constantly monitor cybersecurity threats as well as potential cyberattacks against its working environment and quickly deploy the necessary measures to prevent them or support the users. Due the sensitive nature of the activity, we do not provide further comment on [European Parliament] security or cybersecurity matters.”
European Parliament’s Iran delegation chair victim of Tehran-linked hacking
Source: Viral Showbiz Pinay
0 Comments