Iran cyberspy group hit in coordinated European raids
By Reuters - Nov 09, 2015 - Last updated at Nov 09, 2015
FRANKFURT — European authorities have taken action to take down a cyber espionage campaign believed to be linked to Iran's powerful Revolutionary Guard, the first operation of its kind since Tehran signed a nuclear treaty, according to security researchers.
The hacker group — dubbed "Rocket Kitten" by security experts who have been hunting it since early 2014 — has mounted cyberattacks on high-profile political and military figures globally since that time, according to researchers from several cyber security firms who have monitored its activities.
The action could hamper Tehran's efforts to gather sensitive intelligence from rivals including Saudi Arabia, Israel, Turkey, the United States as well as ally Venezuela, which were among the nations targeted.
Researchers from US-Israeli security firm Check Point Software said the 1,600 high-profile targets include members of the Saudi royal family, Israeli nuclear scientists, NATO officials, Iranian dissidents and even the wives of high-ranking generals from unnamed countries.
"We have discovered the inner workings of a cyber espionage campaign," Shahar Tal, research group manager for US-Israeli security firm Check Point Software, told Reuters in an interview.
"It is extremely rare to obtain a comprehensive check-list of a nation's military intelligence interest," Tal said of the list of espionage targets discovered in the Iran hacker group's databases.
The company said it had informed national computer security response teams in Britain, Germany and the Netherlands, who in turn alerted police in those countries to the locations of "command and control" servers used to mount attacks controlled from Iran.
Europol and the FBI said they could not immediately comment. An official with Israeli internal security service Shin Bet told Reuters: "This matter is familiar to us and is being attended to" but would not offer more details.
Check Point plans to issue a report later on Monday. According to an advance copy obtained by Reuters, the report details how its experts burrowed inside the hacker group's database, giving them a map of malicious software tools and remote-controlled computers used by the group.
In coordinated actions, "command and control" computer links hosted unknowingly by five commercial data hosting and satellite communications operators in Europe have largely now been shut down, Tal said, crippling the hackers' capacity, at least for some months, to launch fresh attacks.
Computers in Europe were used by Rocket Kitten hackers in Tehran to stage remote attacks on targets in Saudi Arabia, other countries neighbouring Iraq, Israel, Europe, the United States, Venezuela and Iran itself, according to Check Point researchers.
"We believe these attacks are very similar to the ones previously attributed to the Iranian Revolutionary Guard Corps," Tal said of links between the two groups. Other cyber security researchers have stopped short of linking the two groups.
A spokesman at the Revolutionary Guards' headquarters in Tehran declined to comment. Iranian foreign ministry officials were not available for comment.
Iran has been hit by several debilitating computer virus campaigns including Stuxnet, a cyber weapon jointly developed by the United States and Israel that destroyed some Iranian nuclear production facilities. Iran has responded with its own cyber spying capabilities since 2012, computer experts say.
The actions come as US President Barack Obama and Israeli Prime Minister Benjamin Netanyahu met on Monday for the first time since the Israeli leader lost his battle against the Iran nuclear deal.