LONDON — As U.S. President Donald Trump re-imposed harsh economic sanctions on Iran last month, hackers scrambled to break into personal emails of American officials tasked with enforcing them, The Associated Press has found — another sign of how deeply cyberespionage is embedded into the fabric of U.S.-Iranian relations.
The AP drew on data gathered by the London-based cybersecurity group Certfa to track how a hacking group often nicknamed Charming Kitten spent the past month trying to break into the private emails of more than a dozen U.S. Treasury officials.
Also on the hackers’ hit list: high-profile defenders, detractors and enforcers of the nuclear deal struck between Washington and Tehran, as well as Arab atomic scientists, Iranian civil society figures and D.C. think tank employees.
“Presumably, some of this is about figuring out what is going on with sanctions,” said Frederick Kagan, a scholar at the American Enterprise Institute who has written about Iranian cyberespionage and was among those targeted.
Kagan said he was alarmed by the targeting of foreign nuclear experts. “This is a little more worrisome than I would have expected,” he said.
The hit list surfaced after Charming Kitten mistakenly left one of its servers open to the internet last month. Researchers at Certfa found the server and extracted a list of 77 Gmail and Yahoo addresses targeted by the hackers that they handed to the AP for further analysis.
It’s hard to know how many of the accounts were successfully compromised or how exactly they were targeted in each case. But even though the addresses likely represent only a fraction of the hackers’ overall efforts, they still provide considerable insight into Tehran’s espionage priorities.
“The targets are very specific,” Certfa researcher Nariman Gharib said.
In a report published Thursday, Certfa tied the hackers to the Iranian government, a judgment drawn in part on operational blunders, including a couple of cases where the hackers appeared to have accidentally revealed that they were operating from computers inside Iran.
The assessment was backed by others who have tracked Charming Kitten. Allison Wikoff, a researcher with Atlanta-based Secureworks, recognized some of the digital infrastructure in Certfa’s report and said the hackers’ past operations left little doubt they were government-backed.
“It’s fairly clear-cut,” she said.
Calls to Iranian officials were not returned late Wednesday, the beginning of the weekend in the country.
Iran has previously denied responsibility for hacking operations, but an AP analysis of its targets suggests that Charming Kitten is working in close alignment with the Islamic Republic’s interests.
The most striking among them were the nuclear officials — a scientist working on a civilian nuclear project for the Pakistan’s Ministry of Defense, a senior operator at the Research and Training Reactor in the Jordanian city of Ramtha, and a high-ranking researcher at the Atomic Energy Commission of Syria.
The trio suggested a general interest in nuclear technology and administration. — (AP)
Others on the hit list — such as Guy Roberts, the U.S. assistant secretary of defense for nuclear, chemical and biological defense programs — pointed to an eagerness to keep track of officials charged with overseeing America’s nuclear arsenal.
“This is something I’ve been worried about,” Roberts said when alerted to his presence on the list. —