An Iranian government-backed hacking team allegedly stole and leaked private customer data belonging to French satirical magazine Charlie Hebdo, security researchers at Microsoft said Friday.
The magazine was hacked in early January after it published a series of cartoons that negatively depicted Iran’s Supreme Leader Ayatollah Khamenei. The caricatures were part of a media campaign that Charlie Hebdo said was intended to support anti-government protests in the Islamic nation.
Representatives for the Iranian and French governments did not immediately respond to requests for comment. A press officer for Charlie Hebdo said the magazine had no comment on the matter “for the moment.”
Iran publicly vowed an “effective response” to the “insulting” cartoons, and summoned the French envoy in Tehran, while also ending activities of the French Institute of Research in Iran and saying it was re-evaluating France’s cultural activities in the country.
Hack part of larger operation
The hack-and-leak targeting Charlie Hebdo was part of a wider digital influence operation with techniques matching previously identified activity linked to Iranian state-backed hacking teams, Microsoft researchers said in a report. The group responsible is the same one that U.S. Department of Justice officials earlier identified as having conducted a “multi-faceted campaign” to interfere in the 2020 U.S. presidential election, Microsoft said. Iran denied the claims at the time.
Amid Iran’s criticism of the Khamenei cartoons, a group of hackers calling itself “Holy Souls” posted on an online forum that they had access to the names and contact details of more than 200,000 Charlie Hebdo subscribers. In their post, they said they would sell the information for 20 bitcoins (approximately $470,000 USD).
A sample of the leaked data was later released and verified as authentic by the French newspaper Le Monde.
“This information, obtained by the Iranian actor, could put the magazine’s subscribers at risk for online or physical targeting by extremist organizations,” the Microsoft researchers said.
Twitter used to amplify reach
To amplify their operation, the Iranian hackers used Twitter accounts with fake or stolen identities to criticize the Khamenei cartoons. Two accounts impersonating a Charlie Hebdo editor and a technology executive also posted the leaked data before Twitter banned them, Microsoft said.
Twitter’s press team did not immediately respond to a request for comment.