Microsoft analysts have said that Neptunium, an Iranian government-backed hacking group, is behind the hacking campaign against the French satirical magazine Charlie Hebdo. Last month, the group said it had stolen the personal information of 200,000 Charlie Hebdo subscribers by gaining access to the publication’s internal database.
In January 2023, someone going by the name Holy Souls put Charlie Hebdo subscriber information up for sale, valuing the dump at 20 BTC (roughly $340,000 at the time). The French news publication Le Monde then confirmed the authenticity of the stolen information.
The published samples included names, phone numbers, addresses, email addresses, and more. Holy Souls advertised the stolen data on YouTube and on several hacker forums, and actively posted about the leak on social media.
According to Microsoft, the attack and the subsequent data breach came after the magazine’s decision to hold a cartoon contest in which readers were asked to submit drawings mocking Iran’s supreme leader, Ali Khamenei. The issue with the winning cartoons was supposed to be published in early January, timed to coincide with the eighth anniversary of the terrorist attack on the publication’s office.
Iranian Foreign Minister Hossein Amir Abdollahian sharply criticized the competition, calling it “insulting and impolite action directed against the religious and political-spiritual authorities” of the country. He added that Charlie Hebdo’s actions would not be “left unanswered”. In addition, the Iranian Foreign Ministry demanded a meeting with the French ambassador and also closed the French Research Institute in Iran.
As Microsoft researchers now write, the attack on the magazine is linked to the Iranian government because it matches attributes seen in other attacks by Iranian hackers. The similarities even include the tactic of using hacktivists, who eventually claimed responsibility for the hack and the leak of personal data. According to the experts, Holy Souls is none other than the Iranian hacking group Neptunium, also known as Emennet Pasargad.
“The campaign targeting Charlie Hebdo used dozens of francophone sockpuppet accounts to amplify its campaign and spread antagonistic messages. On January 4, accounts, many of which were very recent and had few followers, began posting criticism of the Khamenei cartoons on Twitter,” the researchers said. “Crucially, even before the reports of the cyberattack, these accounts posted identical screenshots of the site’s defacement, with a message in French saying that Charlie Hebdo was hacked (Charlie Hebdo a été piraté).”
In addition, two fake social media accounts purporting to belong to the French CTO and editor of Charlie Hebdo also posted similar screenshots until they were banned.
Later, the same set of accounts was used to ridicule France and spread jokes that “French cybersecurity experts should be Charlie’s next cartoon characters.”