Iranian Regime Hackers Behind Influence Campaign To Disrupt Iran Opposition Rally

Sau­di Eng­lish lan­guage media is report­ing that Iran­ian regime hack­ers tar­get­ed an online ral­ly in July, which brought togeth­er a large num­ber of dis­si­dents, as well as more than 1,000 politi­cians and gov­ern­ment offi­cials, includ­ing for­mer New York May­or Rudy Giu­liani and for­mer US Sen­a­tor Joseph Lieber­man. Accord­ing to the Arab News report,  the US cyber and threat intel­li­gence con­sul­tan­cy Tread­stone 71 iden­ti­fied thou­sands of fake social media accounts cre­at­ed to dis­rupt the ral­ly and tar­get the par­tic­i­pants and was con­duct­ed by the para­mil­i­tary wing of the Islam­ic Rev­o­lu­tion­ary Guard Corps (IRGC) and Iran’s Min­istry of Intel­li­gence and Secu­ri­ty (MOIS):

Octo­ber 28, 2020 The RGCU launched the pri­ma­ry cam­paign on July 17 at 16:59 CEST, imme­di­ate­ly after the speech by Maryam Rajavi, start­ing the process of audi­ence involve­ment, account mobi­liza­tion, and hash­tag rep­e­ti­tion. The coor­di­nat­ed launch helped to cre­ate iden­ti­fi­able Twit­ter trend­ing. The RGCU expand­ed the cam­paign by dis­trib­ut­ing and repub­lish­ing influ­en­tial core mem­bers’ tweets and con­tent. The repub­lish­ing trig­gered thou­sands of bots and fake accounts with low fol­low­er­ship belong­ing to Basij Cyber Units…With the entry of influencers…the cam­paign entered the next oper­a­tions stage. The con­tent and tweets were dis­trib­uted and repub­lished by those influ­en­tial IRGC Cyber Units. The nar­ra­tive between these users reveals their role in pro­mot­ing the cam­paign and the pur­pose of the per­sonas. Thou­sands of bots and fake accounts with low fol­low­er­ship belong­ing to Basij Cyber Units wide­ly repub­lished and retweet­ed tweets pub­lished by influ­encers and retweet­ed and pro­mot­ed the posts by oth­er accounts that had used the giv­en hashtag.

Read the rest here.

Full Tread­stone 71 report here.

Maryam Rajavi has been a long-term leader of the People’s Muja­hedin of Iran (MEK), one of the main Iran­ian oppo­si­tion groups, and was removed from the US ter­ror list in 2012.

Glob­al Influ­ence Oper­a­tions Report (GIOR) report­ing on Iran­ian influ­ence oper­a­tions uti­liz­ing social media have included:

• An Octo­ber 2020 report that Face­book had removed a net­work of Iran­ian gov­ern­ment-con­nect­ed accounts on Face­book and Insta­gram said to have tar­get­ed main­ly the US and Israel.

• An Octo­ber 2020 report that the US Trea­sury des­ig­nat­ed five Iran­ian enti­ties said to have been involved in the Iran­ian regime’s attempts to influ­ence the US elections.

• An Octo­ber 2020 report that The US Depart­ment of Jus­tice had seized 92 inter­net domains used by Iran’s Rev­o­lu­tion­ary Guard as part of a glob­al dis­in­for­ma­tion campaign.

• A Novem­ber 2020 report that Microsoft had linked the Iran­ian hack­er group Phos­pho­rus to an attempt to break into per­son­al e‑mails accounts of the Munich Secu­ri­ty Con­fer­ence attendees.