I Spy With My Little Eye: Uncovering an Iranian Counterintelligence Operation

Written by: Ofir Rozmann, Asli Koksal, Sarah Bock


Today Mandiant is releasing details of a suspected Iran-nexus counterintelligence operation aimed at collecting data on Iranians and domestic threats who may be collaborating with intelligence and security agencies abroad, particularly in Israel. 

The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran’s perceived adversarial countries. The collected data may be leveraged to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations. These may include Iranian dissidents, activists, human rights advocates, and Farsi speakers living in and outside Iran.

Mandiant assesses with high confidence this campaign was operated on behalf of Iran’s regime, based on its tactics, techniques, and procedures (TTPs), themes, and targeting. In addition, we observed a weak overlap between this campaign and APT42, an Iran-nexus threat actor suspected to operate on behalf of Iran’s IRGC Intelligence Organization (IRGC-IO). This campaign’s activities are in line with Iran’s IRGC and APT42’s history of conducting surveillance operations against domestic threats and individuals of interest to the Iranian government. Despite the possible APT42 connection, Mandiant observed no relations between this activity and any U.S. elections-related targeting as previously reported
