Iran: suspected cyber-surveillance operation on smartphones
By Le Figaro.fr with AFP · Updated 07/09/2018 at 20:56 · Published 07/09/2018 at 20:50
Israeli cybersecurity specialist Check Point today revealed a
cyber-surveillance operation conducted against a few hundred Iranian citizens
through malware implanted on their smartphones, and suspects Iran of being
behind the operation. "This is the first time, to our knowledge, that a
technical analysis has made it possible to highlight the fact that a
government has conducted a cyber-espionage campaign on smartphones against a
targeted population," Thierry Karsenti, vice president for Europe (on the
technical side), told AFP.
The company is not certain that Iran is behind this cyber-surveillance, but it
bases its assessment on the nature of the people targeted, the type of
applications and "the infrastructure of the attack". In the digital world,
"you can never trace things back to the origin with 100% certainty," notes
Thierry Karsenti. Check Point established that since 2016, in Iran, people
supporting the Islamic State group, as well as people of Kurdish and Turkish
origin, have been the target of a cyberattack that makes it possible to
collect all data related to the use of their smartphone: their spoken or
written conversations, whichever messaging service is used, their movements,
their photos and videos, etc.
Their phones are infiltrated by means of downloadable applications that appear
harmless, such as a fake version of a messaging app or of the Kurdish news
agency's app, or an application offering wallpapers depicting the Islamic
State group. "Smartphones are the ideal snitches for conducting
cyber-surveillance," explains Thierry Karsenti. "Unlike computers, they follow
you everywhere, they are switched on almost all the time, they have many
sensors, a photo and video camera on each side, a microphone, a built-in
GPS... and it is a communicating tool."
https://www.bleepingcomputer.com/news/security/domestic-kitten-apt-operates-in-silence-since-2016/
Domestic Kitten APT Operates in Silence Since 2016
September 7, 2018 · 10:46 AM
An extensive
surveillance operation targets specific groups of individuals with malicious
mobile apps that collect sensitive information on the device along with
surrounding voice recordings.
Researchers with
CheckPoint discovered the attack and named it Domestic Kitten. The targets
are Kurdish and Turkish natives, and ISIS supporters, all Iranian citizens.
The data collected
by Domestic Kitten from compromised phones includes a wealth of information,
as detailed below:
The operation may have been active since 2016
The threat actor
uses three mobile applications that are of interest to the potential victims:
a wallpaper changer, an app purporting to offer news updates from ANF (a
legitimate Kurdish news website), and a fake version of the Vidogram
messaging app.
The wallpaper
changer is designed to lure victims by offering them ISIS-related pictures to
set as the screen background.
The certificate
used for signing all three apps, a requirement for installing them on an
Android device, was issued in 2016. This suggests that the campaign escaped
detection for two years.
To exfiltrate
data from a compromised device the apps use HTTP POST requests to the
command and control (C2) server available at newly registered domains.
One of the apps
also contacts a website (firmwaresystemupdate[.]com) that resolved to an
Iranian IP address initially but changed to a Russian address.
All data
delivered to the C2 is encrypted with the AES algorithm and can be decrypted
with a device ID the attacker creates for each victim.
Domestic Kitten Makes Thousands of Collateral Victims
CheckPoint's
analysis shows that 240 users have fallen victim to operation Domestic
Kitten. More than 97% of them are Iranians, the rest being victims in
Afghanistan, Iraq and Great Britain.
However, due to
the comprehensive nature of the campaign's surveillance, the private
information of thousands of individuals has been compromised.
They are not
necessarily the object of the surveillance, but collateral victims whose
details were leaked from contact lists or conversations with the targets.
Clues point to state-backed Iranian APT
In a report
shared with BleepingComputer, the researchers say that the operator of
Domestic Kitten remains unconfirmed, but based on the political conditions in
the region they believe Iranian government entities are behind it.
"Indeed,
these surveillance programs are used against individuals and groups that
could pose a threat to the stability of the Iranian regime. These could
include internal dissidents and opposition forces, as well as ISIS advocates
and the Kurdish minority settled mainly in Western Iran," CheckPoint
explains.
They say that the
nature of the targets, the apps and the attack infrastructure are clues that
support the theory of an Iranian origin.
Ionut Ilascu is
freelancing as a technology writer with a focus on all things cybersecurity.
The topics he writes about include malware, vulnerabilities, exploits and
security defenses, as well as research and innovation in information
security. His work has been published by Bitdefender, Netgear, The Security
Ledger and Softpedia.

