Iran is using "AI-generated newscasters" in anti-Israel cyber operations, and there are concerns that they may also influence the US presidential election

Since the war between Hamas and Israel began in October 2023, groups associated with the Iranian government have been conducting cyber operations in support of Hamas. The Microsoft Threat Analysis Center (MTAC) has released the results of its investigation into anti-Israel cyber attacks by Iran.

Iran accelerates cyber ops against Israel from chaotic start - Microsoft On the Issues

Iran's Israel cyber ops tease US election meddling tactics • The Register

How Iranian cyber ops pivoted to target Israel after 7 October attacks | Computer Weekly

◆1: Opportunistic dissemination of false information
According to MTAC, during the initial 'first phase' of the war between Hamas and Israel, the reactions of Iranian media and cyber activist groups were opportunistic and unsophisticated. One example from this first phase, which took place in early October, is a report by the Tasnim news agency, which is affiliated with Iran's military organization, the Islamic Revolutionary Guard Corps, stating that a team called the "Cyber Avengers" had carried out cyberattacks on Israel, including one on a power plant, at the same time as the Hamas attacks.

CyberAvengers, a hacker group believed to be run by the Islamic Revolutionary Guard Corps, claimed to have attacked an Israeli power company the night before the Hamas attack. However, the reports of the Israeli power outage presented as evidence were several weeks old, and the screenshots did not include dates.

In addition, a hacker group called 'Malek Team', believed to be run by Iran's Ministry of Intelligence, leaked personal data from an Israeli university on October 8, the day after the Hamas attack, but the leak had no direct relationship to the conflict between Hamas and Israel. From these points, MTAC concludes that Iran's cyber activities at the beginning of the war were reactive and uncoordinated.

◆2: Cooperative cyber activities by multiple groups
In the 'second phase', from mid-October to late October, the number of Iranian groups operating in Israel increased, and multiple groups began targeting the same organizations and military bases in Israel with cyber activities and influence operations. This suggests that there may have been coordination between the cyber operations groups, or that a common goal may have been set by the Iranian government.

For example, on October 18, a hacker group affiliated with the Islamic Revolutionary Guard Corps used customized ransomware to carry out a cyber attack on security cameras in Israel. The attackers demanded a ransom, claiming to have obtained security cameras and data from Israel's Nevatim Air Base, but the security camera footage released by the hacker group turned out to be not from the air base but from a security camera in the town of the same name.

◆3: Expansion of geographical scope
In late November, Iranian cyber activity expanded beyond Israel to include countries supporting Israel. For example, on November 20th, an Iranian hacker group warned of an attack on Albania in the Balkan Peninsula, and on the 21st, an attack was carried out targeting the government and financial institutions of Bahrain.

A hacker group affiliated with the Islamic Revolutionary Guard Corps has also hacked an American water utility that uses Israeli-made industrial computers.

A water company that did not change the password of its equipment from the default "1111" was hacked by Iranian hackers - GIGAZINE

In early December, an Iranian hacker group took over the online distribution of television programs and broadcast fake news presented by "AI-generated newscasters". This fake news was actually distributed online, and it is said to have affected viewers in Saudi Arabia, the United Kingdom, and Canada.

According to MTAC, the percentage of traffic accessing Iranian state media and related sites increased by 42% in the week that the war between Hamas and Israel broke out. This surge was particularly pronounced in the United States and its English-speaking allies (Britain, Canada, Australia, and New Zealand), demonstrating Iran's ability to reach Western countries with coverage of Middle East wars. One month into the war, traffic to these Iranian media outlets was still 28% higher than pre-war levels.

MTAC notes that the focus of Iran's cyber activities is based on four fundamental goals:

1: Destabilization due to division
Iran is focusing on the failure to make progress in negotiations for the release of hostages taken by Hamas to the Gaza Strip, and is posing as a peace activist criticizing the Israeli government in order to incite social and political divisions within the country. In fact, demonstrations calling for the release of the hostages have become active in Israel, and some participants are calling for the dismissal of Israeli Prime Minister Benjamin Netanyahu.

2: Retribution
Many of Iran's messages and targets are clearly retaliatory, with CyberAvengers attacking Israeli infrastructure in retaliation for Israel's cutting off electricity, water, and fuel supplies to the Gaza Strip.

3: Blackmail
In an attempt to undermine Israel's security, Iran has also allegedly threatened the families of Israeli Defense Forces soldiers and their supporters in the international community.

4: Weakening international support for Israel
Iranian cyber activist groups seek to undermine international support for Israel by highlighting the civilian harm caused by Israel's attacks on the Gaza Strip.

MTAC expects Iranian cyber activity related to the war between Hamas and Israel to continue and its methods to become more sophisticated. It also claims that multiple Iranian cyber operations groups may be working together to influence the 2024 US presidential election.

In fact, in the 2020 U.S. presidential election, in which Democrat Joe Biden defeated Republican Donald Trump, Iranian hackers posed as far-right groups and sent threatening emails to Democrats, trying to sow division. It is also known that they tried to speed things up and undermine the credibility of the election.

in Web Service,   Security, Posted by log1h_ik