Sept 28 – In Iran, multiple hacker groups are using Telegram, Signal and dark web tools to assist anti-government protestors in bypassing regime restrictions.
The news comes from security experts at Check Point Research (CPR), weeks after the death of Mahsa Amini, a protestor who was arrested for violating laws mandating that women wear headscarfs. Amini died in police custody.
“What we see are groups from the Telegram, dark and also ‘regular’ web helping the protestors to bypass the restrictions and censorship that are currently in place by the Iranian Regime, as a way to deal with the protests,” stated Liad Mizrachi, a security researcher at Check Point. “We began seeing these groups emerge roughly a day after the protests began.”
Hacker groups have been in communication with one another, despite the government’s censorship attempts.”Key activities are data leaking and selling, including officials’ phone numbers and emails, and maps of sensitive locations,” Check Point noted in a report.
“CPR sees the sharing of open VPN servers to bypass censorship and reports on the internet status in Iran, as well as the hacking of conversations and guides.”
As evidence, Check Point Research shared five examples of these groups. The first one is known as the Official Atlas Intelligence Group channel on Telegram. With over 900 members, the channel focuses on leaking data that can quietly undermine the regime in Iran.
The second Telegram group observed by CPR is known as ARVIN, which boasts roughly 5,000 members and provides news about protests in Iran, along with reports and videos.
The third Telegram group mentioned in the CPR report is known as RedBlue, a channel with roughly 4,000 members that primarily focuses on hacking discussions and guides.
Apart from these Telegram channels, Check Point also mentions the Tor Project and Signal as platforms that enable Iranian citizens to circumvent government censorship and communicate across the internet securely.
“These groups allow people in Iran to communicate with each other and share news around what is going on at different places,” said Mizrachi. “We will continue to monitor the situation.”
For more on this story, visit Insecurity Magazine. Lastly, to receive cutting-edge cyber security news, interviews, expert analyses and leading security resources, please sign up for the CyberTalk.org newsletter.