European Parliament's Iran Delegation Chair Victim of Tehran-Linked Hacking
A high-ranking member of the European Parliament, Hannah Neumann, chair of the chamber's Iran delegation, has revealed that her office was targeted by a sophisticated cyber-espionage operation linked to the Iranian Revolutionary Guard. The hacking campaign began in January and involved multiple attempts to infiltrate Neumann's laptop with malicious software, according to sources within the German domestic intelligence service.
Neumann, a member of the German Greens party, reported that her staff received messages, phone calls, and emails from hackers impersonating a legitimate contact. The attackers used various tactics to gain access to Neumann's system, including sending personal messages to her staff in an attempt to trick them into opening malicious links.
The Group Behind the Attack: APT42
The European Parliament's in-house IT service, DG ITEC, identified the group behind the attack as APT42, a hacking collective associated with the Iranian Revolutionary Guard. APT42 is also linked to other high-profile cyberattacks, including the theft of internal communication from Donald Trump's presidential campaign last year.
DG ITEC reported that Neumann's office laptop was targeted earlier this year, and although an investigation was conducted, no sensitive information was compromised due to the chamber's defenses being in place. The attack was deemed an "incomplete infection chain," suggesting that it was stopped before it could achieve its full intended purpose.
The Attackers' Tactics
According to Google's Mandiant Threat Intelligence service, APT42 is known for posing as journalists and event organizers to build trust with victims through ongoing correspondence. They also use this tactic to deliver invitations to conferences or legitimate documents in order to steal credentials and gain access to cloud servers.
In Neumann's case, the attackers used a fake email account from Matthew Levitt, a former United States FBI official who had previously communicated with her on several occasions. The email claimed that Levitt was inviting Neumann to speak at a conference as part of his role at the Washington Institute for Near East Policy.
The Motivation Behind the Attack
Neumann believes that the attack was intended to intimidate her and silence her from speaking out on issues related to Iran. As chair of the Parliament delegation for relations with Iran, Neumann regularly engages with trade unions, civil society organizations, human rights lawyers, and activists fighting for democracy in the country.
A Message from the Iranian Revolutionary Guard
"It was clearly a message coming from the [Iranian] Revolutionary Guards to make me shut up, which they have tried in different ways before," Neumann said. "The right answer is to speak up... I have a duty to speak up." This statement highlights the Iranian regime's tactics of using cyber-attacks as a means to silence critics and maintain control.
European Parliament Response
The European Parliament has acknowledged the attack, stating that its services "constantly monitor cybersecurity threats as well as potential cyberattacks against its working environment and quickly deploy the necessary measures to prevent them or support the users."
Due to the sensitive nature of this matter, further information about European Parliament security and cybersecurity measures is not being disclosed.