GCHQ issues alert over cyber attackers working on behalf of Iranian government

Your support helps us to tell the story

Support Now

Find out moreClose

Our mission is to deliver unbiased, fact-based reporting that holds power to account and exposes the truth.

Whether $5 or $50, every contribution counts.

Support us to deliver journalism without an agenda.

Louise Thomas

Editor

Intelligence chiefs have issued a new alert to warn of a threat from targeted phishing attacks being carried out by hackers working on behalf of the Iranian government.

The National Cyber Security Centre (NCSC), which is part of GCHQ, said cyber attackers working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) were using “social engineering” techniques to gain access to victims’ personal and business accounts online.

It said that people with links to Iranian and Middle Eastern affairs, such as current and former senior government officials, leading think tank personnel, journalists, activists and lobbyists, were at risk.

Iran is heavily involved in the escalating violence in the Middle East as a supporter of Hamas and Hezbollah in their conflict with Israel.

The US, which has also issued an alert alongside the UK, said people associated with US political campaigns had been targeted.

The hackers may impersonate family members, well-known journalists, discuss foreign policy topics or issue invitations to conferences, according to the warning.

“In some cases, the actors might impersonate email service providers to obtain sensitive user security information,” it added.

Paul Chichester, director of operations at the National Cyber Security Centre, said: “The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs.

“With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim.

“I strongly encourage those at higher risk to stay vigilant to suspicious contact and to take advantage of the NCSC’s free cyber defence tools to help protect themselves from compromise.”

“Spear phishing” targets a specific person or group and often includes information known to be of interest to the victim.

The Iranian hackers have often impersonated contacts by email and messaging platforms, and built a rapport with victims before tricking them into sharing user credentials via a false email account login page, the cyber experts warned.

“The actors can then gain access to victims’ accounts, exfiltrate and delete messages and set up email forwarding rules,” they added.

This activity “poses an ongoing threat to various sectors worldwide, including the UK”, the NCSC said.

People at risk – not the general public – are advised to follow the centre’s mitigation steps and to take up special support measures designed for “high-risk individuals”.

“Individuals who face a higher risk of targeting due to their work or public status are eligible to sign up for two opt-in cyber defence services managed by the NCSC,” the alert says.

US intelligence agencies have said that in the summer, Iranian hackers stole material from Donald Trump’s presidential campaign and sent it to officials in the Biden campaign as well as journalists.