Google said its technical research team has identified evidence of a ‘state-sponsored phishing attack’ that is associated with the Islamic Republic of Iran Broadcasting (IRIB).
In a post on Thursday, the company published an update on attempted state-sponsored hacking and influence campaigns and said it had found a number of different YouTube channels, blogs, and Google+ accounts that are linked to the campaign from IRIB.
Google cited three important pieces of evidence indicating that the attack was being carried out by the IRIB. They include:
- “Technical data associated with these actors are strongly linked to the official IRIB IP address space.
- Domain ownership information about these actors is strongly linked to IRIB account information.
- Account metadata and subscriber information associated with these actors is strongly linked to the corresponding information associated with the IRIB, indicating common ownership and control.”
These facts, the company said, “[…] indicate that this effort was carried out as part of the overall operations of the IRIB organization, since at least January 2017,” and helped to identify and terminate a number of accounts. “We identified and terminated a number of accounts linked to the IRIB organization that disguised their connection to this effort, including while sharing English-language political content in the U.S.,” Google wrote in the post.
The violations were discovered in “39 YouTube channels that had 13,466 total U.S. views on relevant videos; 6 blogs on Blogger, and 13 Google+ accounts.”
Google added that, in addition to the IRIB activity, it has also broadened its IRA (Internet Research Agency)-related operation since last year and has detected and removed “42 YouTube channels,” which had [58 English-language political videos] with a total of fewer than 1,800 U.S. views.
The company says it has been working with cybersecurity company FireEye on the “influence operation” linked to Iran, noting that FireEye specifically identified “some suspicious Google accounts [3 each of email accounts, YouTube channels, and Google+ accounts],” which the company then disabled.
In addition, a series of notifications was issued to Gmail users who were subjected to suspicious emails from a wide range of countries.
You can read the full 20-page report from FireEye here.