
Microsoft said Friday that the Iranian nation-state group, already sanctioned by the U.S. government, was behind last month’s attacks targeting French satirical magazine Charlie Hebdo and its thousands of readers. said there is.
The attack came to light on January 4, when an unknown group calling themselves Holy Souls claimed to have obtained the Charlie Hebdo database containing the personal information of 230,000 customers on the internet. According to this post, the database was priced at 20 BTC, which was around $340,000 at the time. The group also released samples of data, including full names, phone numbers, home and email addresses of people who subscribed to publications or purchased products.French media confirmed the veracity of the leaked data. confirmed.
The release of the samples exposed customers to online targeting and physical violence by extremist groups. These groups have taken reprisals in recent years against Charlie Hebdo, who satirically dealt with issues relating to Islam and Islamic countries such as Iran. Retaliation included two French Muslim terrorists and his brother opening fire in Charlie Hebdo offices in 2015, killing 12 people and wounding 11 others. To draw even more attention to the compromised data, a series of fake personas falsely claiming to be the editor of Charlie Hebdo took to his social media outlets to discuss and publicize the leak.

microsoft
On Friday, Clint Watts, general manager of Microsoft’s Digital Threat Analysis Center, wrote:
The attack is believed to be the Iranian government’s response to a comic contest run by Charlie Hebdo. A month before Holy Souls carried out its attack, the magazine announced it would hold an international contest for cartoons to “mock” Iran’s Supreme Leader Ali Khamenei. An issue featuring the award-winning cartoon will be published in early January, coinciding with his eighth anniversary of the attack on the magazine’s offices by two of his al-Qaeda in the Arabian Peninsula (AQAP)-inspired attackers. was.
The tactics, techniques and procedures of the influence campaign led Microsoft researchers to conclude that it was the work of Emennet Pasargad, an Iranian group that has long been monitored and targeted by the US government. The FBI said in January 2022 that Emmennet Pasargad was behind a “multi-pronged campaign to interfere in the 2020 US presidential election.”
Participants in this operation obtained sensitive information about U.S. voters from at least one state election website, sent threatening emails designed to intimidate voters, and disseminated information about non-existent voting vulnerabilities. We have released a video to air. The group also claimed an alliance with the neo-fascist group Proud Boys to further intimidate voters.
Last October, the FBI said Emennet Pasargad targeted an Israeli group. of destructive crypto-malware. “
In 2021, the U.S. Treasury Department will impose sanctions on Emmennet Pasargad and six Iranian nationals who are members, citing attempts to “sow discord in the U.S. electoral process and undermine voter confidence.” rice field.
In a post on Friday, Microsoft said it was “very confident” that this group, which the company calls Neptunium, was behind Charlie Hebdo’s influence campaign. Ratings were based on factors including:
- Hacktivist persona claiming credit for cyber attacks
- Claims of successful website defacement
- Online leak of personal information
- Use of inauthentic social media “sockpuppet” personas (social media accounts that use false or stolen identities to obfuscate the actual owner of the account for deceptive purposes). Claims to be from a country targeted by hacks to facilitate cyberattacks, using blatantly false language.to native speakers
- Impersonating a trusted source
- Contacting the News Maida Organization

microsoft
According to Microsoft, the January campaign used French-language sockpuppet social media accounts, many of which had low follower counts, spread leaks and “delivered hostile messages.” The account also posted criticism of a caricature contest aimed at Khamenei.
“Importantly, before the alleged cyberattack was substantively reported, these accounts posted identical screenshots of a defaced website, with the message in French: Charlie Hebdo It included ‘a été piraté’ (‘Charlie Hebdo is hacked’),” said Watts. I have written.
Shortly after, at least two social media accounts — one from a tech executive and one from Charlie Hebdo’s editor — posted screenshots of the leaked customer data.
Campaigns documented by Microsoft are a reminder that social media is often manipulated by special interest groups. People are encouraged to keep this in mind and carefully validate claims before spreading them further.