With all of the focus on Russian interference in elections around the world, it's easy to forget that Russia is only one of several state actors intent on fraudulently using social media to further their own political and business agendas. Enter Iran and a newly identified advanced persistent threat (APT) initiative, "Liberty Front Press," uncovered by FireEye in a report summary they just issued (FireEye Report Summary). Liberty Front deployed tactics very similar to Russia's Internet Research Group (IRG): creating pages and fake identities (purporting to be English and American) on social media as a means to disseminate and share divisive "news" that supported viewpoints deemed friendly to Iranian government interests.
Among the report's highlights:
- FireEye identified hundreds of pages that shared content and were initiated from what appear to be purpose-built domains.
- Multiple issues were targeted, including "significant anti-Trump messaging." It's important to note that the focus on what we have called "issue clusters" and the selection of the issues themselves mirror Russia's ongoing social media efforts, which will be detailed in an upcoming report by SafeGuard Cyber.
- The positions also included issues with commercial business implications, as one of the promoted issues is support for the JCPOA or Iran Nuclear Treaty, which paved the way for global trade with Iran before being suspended by the Trump Administration.
For any company engaged in global business, the third point is the most alarming, as it suggests that commercial entities could also be ensnared in the campaign by supporting pro-JCPOA content created by this APT group, a dynamic very similar to the divisive rallies incited by IRG leading up to the 2016 election. In the wake of the Trump administration's decision to suspend the JCPOA, experts also expect Iran will ramp up cyber attacks in retaliation. These attacks may take many forms, including social engineering against US companies to gain access to data or IP, especially companies with government ties, much like the Mia Ash hack against Deloitte. Alternatively, account takeover attacks could be launched to seize control of brand channels to inflict short-term reputational damage or for longer-term goals like malware distribution.
Read the summary report from FireEye here (link) and contact us for a demo or a risk assessment to hear more about how we can help your enterprise proactively detect and protect against new digital threats. Contact SafeGuard Cyber to receive a copy of our upcoming report on Russian Social Media Messaging and the implications for global businesses.