Iran operated a fake company for the removal of hostile spies

Illustration of figures with computers in front of the US and Iranian flags - REUTERS/ DADO RUVIC

Enrique Fernández

29 de agosto de 2024 (17:00 h.)

Tags

Investigators said the ‘hackers’ were associated with the APT24 group, known to interfere in the US presidential election

New blow to Iranian intelligence. Iran's secret intelligence and cybersecurity services, one of the most sophisticated in the world, has been caught falsely recruiting human resources personnel to lure officials from countries Tehran considers hostile.

Through a bogus recruitment business, APT24, also known as Charming Kitten, controlled by the Iranian Revolutionary Guard, has sought military personnel from Syria, Iran and Lebanon who are willing to reveal state secrets to hostile countries, mainly Israel and other Western governments.

Logo of US cybersecurity company Mandiant - REUTERS/ DADO RUVIC

The recruitment mechanism was based on a network of fake social media profiles and fake company websites posing as Israeli companies. These included IP Human Solutions, also known as VIP Recruitment, Optima HR and Kandovan HR, among others. According to Mandiant, the Iranians posed as Israelis in order to find out who would be willing to sell sensitive Iranian intelligence information.

Some of the messages disseminated were: ‘Join us to help each other influence the world. Our duty is to protect your privacy’, or 'VIP Recruitment is a respected recruitment centre for military personnel for the army, security services and intelligence services in Syria and Hezbollah, Lebanon'.

Instagram, Snapchat, Twitter, Facebook and Google, mobile app logos - AFP/ DENIS CHARLET

As reported by Christopher Bing, a writer for Reuters, the Charming Kitten group used dozens of fake online profiles on Telegram, Twitter, YouTube and the Virasty social media platform, the most popular within Iranian territory, to promote the ‘front companies’.

The documents published by Mandiant claim that data collected over the past few months on APT24 could help Iranian intelligence to locate military or government officials interested in collaborating with Iran's enemies.

The popularity of Iran's domestic messaging apps has increased since authorities imposed crippling internet restrictions in the country, but users are also circumventing the restrictions and accessing blacklisted apps and websites - AFP/ ATTA KENARE

‘The data collected can be used to uncover human intelligence (HUMINT) operations conducted against Iran and to pursue any Iranians suspected of involvement in such operations,’ the statement said. The company indicated that the number of victims is unknown and that any data collected on addresses, contact details, etc. could be used if necessary.

According to Bing and investigations by Alphabet division company Mandiant, this group had already been interfered with by the FBI removing many of the fake accounts they use for interfering in the US election process.

FBI logo - AFP/CARLO ALLEGRI

In both the 2020 and 2024 elections, this group belonging to the Tehran-based Iranian Revolutionary Guard, which is military in nature, is under investigation for possible attacks on election software. According to the FBI, the mission dates back to at least 2017.

Iran's intentions to destabilise US politics again have backfired. While they are not the only ones trying to sabotage US security systems, they are not the only ones to be caught either.