Canada's foreign signals intelligence agency is warning of the continued and growing sophistication of social engineering campaigns run by Iranian cyber threat actors.
Published today by the Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment Canada (CSE), the report outlines how Iranian cyber threat actors zero in on targets, with the goal of accessing information of political, economic, or military intelligence value to Iran.
The Cyber Centre is releasing this report through CSE's mandate to provide information assurance on cyber security: acquiring, using, and analyzing information from the global information infrastructure, or from other sources, to provide advice, guidance, and services to help protect electronic information and information infrastructures - to keep Canadians safe and secure.
In the report, the Cyber Centre assesses that Iranian cyber threat actors are using sophisticated social engineering methods to enhance their spear phishing activities, including:
- Creating fake accounts with credible, attractive personas on multiple platforms
- Using professional interactions on social media platforms to build relationships with targets over long periods of time
- Luring their targets into engaging with them by referring to highly emotional content on geopolitical issues or traumatic events
A fake persona may reach out posing as someone with a potential job opportunity, a representative of a think tank or research institute, or a journalist. They are known to target defence contractors, aerospace employees, energy sector employees, journalists, academics, activists, politicians, diplomats, and civil society groups.
This warning builds on CSE's assessments of Iran in CSE's recently-released National Cyber Threat Assessment, which outlined how Iran uses its cyber program to coerce, harass and repress its opponents.
Read the full assessment.
Find Cyber guidance on how you may protect yourself from spear phishing.
