Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

GCHQ issues alert over cyber attackers working on behalf of Iranian government

National Cyber Security Centre warns ‘malicious’ activity putting accounts at risk

Sian Elvin,Jane Dalton
Friday 27 September 2024 19:42 EDT
Iran’s Islamic Revolutionary Guard Corps is said to be accessing personal and business accounts
Iran’s Islamic Revolutionary Guard Corps is said to be accessing personal and business accounts (AFP via Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Intelligence chiefs have issued a new alert to warn of a threat from targeted phishing attacks being carried out by hackers working on behalf of the Iranian government.

The National Cyber Security Centre (NCSC), which is part of GCHQ, said cyber attackers working on behalf of Iran’s Islamic Revolutionary Guard Corps (IRGC) were using “social engineering” techniques to gain access to victims’ personal and business accounts online.

It said that people with links to Iranian and Middle Eastern affairs, such as current and former senior government officials, leading think tank personnel, journalists, activists and lobbyists, were at risk.

Iran is heavily involved in the escalating violence in the Middle East as a supporter of Hamas and Hezbollah in their conflict with Israel.

Iran’s Islamic Revolutionary Guard is accused of carrying out the phising attacks
Iran’s Islamic Revolutionary Guard is accused of carrying out the phising attacks (EPA)

The US, which has also issued an alert, said people associated with US political campaigns had been targeted.

The hackers may impersonate family members, well-known journalists, discuss foreign policy topics or issue invitations to conferences, according to the warning.

“In some cases, the actors might impersonate email service providers to obtain sensitive user security information,” it added.

Paul Chichester, director of operations at the National Cyber Security Centre, said: “The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs.

“With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim.

“I strongly encourage those at higher risk to stay vigilant to suspicious contact and to take advantage of the NCSC’s free cyber defence tools to help protect themselves from compromise.”

“Spear phishing” targets a specific person or group and often includes information known to be of interest to the victim.

The Iranian hackers have often impersonated contacts by email and messaging platforms, and built a rapport with victims before tricking them into sharing user credentials via a false email account login page, the cyber experts warned.

“The actors can then gain access to victims’ accounts, exfiltrate and delete messages and set up email forwarding rules,” they added.

This activity “poses an ongoing threat to various sectors worldwide, including the UK”, the NCSC said.

People at risk – not the general public – are advised to follow the centre’s mitigation steps and to take up special support measures designed for “high-risk individuals”.

“Individuals who face a higher risk of targeting due to their work or public status are eligible to sign up for two opt-in cyber defence services managed by the NCSC,” the alert says.

US intelligence agencies have said that in the summer, Iranian hackers stole material from Donald Trump’s presidential campaign and sent it to officials in the Biden campaign as well as journalists.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in