Iranian Hackers Tried to Impersonate Israeli Cyber-security Company

Last month, the Israeli cybersecurity firm ClearSky discovered an Iranian hacker group called Charming Kitten running an operation it called Ayatollah BBC

Oded Yaron
Oded Yaron
National flags of Israel hang on the wall as employees work behind computer screens at the Jerusalem Venture Partners JVP Media Labs, situated in the JVP Media Quarter in Jerusalem, Israel, on Wednesday, Oct. 21 , 2015.
National flags of Israel hang on the wall as employees work behind computer screens at the Jerusalem Venture Partners JVP Media Labs, situated in the JVP Media Quarter in Jerusalem, IsraelCredit: Rina Castelnuovo/Bloomberg
Oded Yaron
Oded Yaron

The Israeli cybersecurity firm ClearSky has exposed several cases in which Iranian hackers impersonated legitimate websites. In February, for instance, it revealed an operation it called Ayatollah BBC – a series of Iranian-run websites impersonating foreign or even Iranian media outlets.

But earlier this month, it reported that it, too, has joined the list of victims of these Iranian “copy and paste” operations.

>> Why Netanyahu Failed to Mention the Iranian Link to the Cyberattack on Israel | Analysis ■ Israeli Officer: Iran Involved in Cyber Attacks During Gaza War

Last month, the company discovered that a hacker group called Charming Kitten, which had perpetrated previous attacks, was still operating. The group is connected to the Iranian government and is deemed an “advanced persistent threat,” meaning it comprises sophisticated hackers.

It has occasionally hit the headlines, once when one of its members was involved in breaking into the HBO television network and stealing videos and other files, including scripts for the hit series “Game of Thrones.”

The group often uses “watering hole” attacks, which utilize either legitimate sites or seemingly innocent but malicious sites to infect users with malware that the hackers can then use to spy on them. For instance, ClearSky researchers discovered the group had created a website which impersonated the German paper Deutsche Welle’s site.

The hackers also managed to insert a malicious page into the website of a Los Angeles Jewish community paper, the Jewish Journal. The page invited users to a webinar and included a link that activated a program called BeEF, which stands for Browser Exploitation Framework. BeEF was originally created for security researchers who look for security breaches, particularly in browsers, in order to improve their defenses. But it has proven a double-edged sword that attackers can use for less benign ends.

ClearSky’s most entertaining discovery so far, however, relates directly to the company. As the website Bleeping Computer reported last week, the Charming Kitten group impersonated ClearSky itself by creating a website almost identical to that of the Israeli firm, with a slightly different address; the imposter site ended in “.net” rather than “.com.”

ClearSky researchers found some broken links in the fake site, leading them to think it is still under development.

The obvious question is what the Iranian hackers hoped to achieve with this impersonation. The answer lies in one very significant difference between the two sites: Unlike the original site, the Iranian version allows users to register. This would enable the hackers to steal information from ClearSky’s customers, who would think they were merely registering to receive site updates. The moment a user clicked on the registration link, the hackers would be able to steal his or her personal information, including passwords for service providers.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Yair Lapid.

Yair Lapid Is the Most Israeli of All

An El Al jet sits on the tarmac at John C. Munro International Airport in Hamilton, Thursday, in 2003.

El Al to Stop Flying to Toronto, Warsaw and Brussels

An anti-abortion protester holds a cross in front of the U.S. Supreme Court in Washington, D.C.

Roe v. Wade: The Supreme Court Leaves a Barely United States

A young Zeschke during down time, while serving with the Wehrmacht in Scandinavia.

How a Spanish Beach Town Became a Haven for Nazis

Ayelet Shaked.

What's Ayelet Shaked's Next Move?

A Palestinian flag is taken down from a building by Israeli authorities after being put up by an advocacy group that promotes coexistence between Palestinians and Israelis, in Ramat Gan, Israel earlier this month

Israel-Palestine Confederation: A Response to Eric Yoffie