Iran actor behind Charlie Hebdo attack



Holy Souls claimed it had stolen the personal information of over 200,000 customers of the satirical French magazine Charlie Hebdo.

The gang released a spreadsheet containing usernames, telephone numbers, and home and email addresses as proof. The leak could endanger customers by making them targets for extremist organizations.

“We believe this attack is a response by the Iranian government to a cartoon contest conducted by Charlie Hebdo. One month before Holy Souls conducted its attack, the magazine announced it would be holding an international competition for cartoons ‘ridiculing’ Iranian Supreme Leader Ali Khamenei,” Microsoft said in a detailed blog about the attack.

The issue with the winning cartoons was about to be published in January, on the eighth anniversary of a terrorist attack on the magazine's offices, which was claimed by the Islamic terrorist group al-Qaeda.

The Iranian actor advertised the cache of data for sale for around $340,000.

“The release of the full cache of stolen data – assuming the hackers actually have the data they claim to possess – would essentially constitute the mass doxing of the readership of a publication that has already been subject to extremist threats (2020) and deadly terror attacks (2015),” Microsoft said.

On January 4, Iranian Foreign Minister Hossein Amir-Abdollahian criticized Charlie Hebdo’s cartoons and even summoned the French Ambassador to Iran over Charlie Hebdo’s “insult.”

Microsoft attributed the cyberattack to Neptunium (Holy Souls) based on a pattern typical of Iranian state-sponsored operations. Researchers highlighted several elements of the attack that resemble previous attacks by Iranian nation-state actors:

  • A hacktivist persona claiming credit for the cyberattack.
  • Claims of a successful website defacement.
  • Leaking of private data online.
  • The use of inauthentic social media “sockpuppet” personas, claiming to be from the country that the hack targeted, to promote the cyberattack using language with errors obvious to native speakers.
  • Impersonation of authoritative sources.
  • Contacting news media organizations.