European authorities have moved to take down a cyberespionage campaign believed to be linked to Iran’s powerful Revolutionary Guard, the first operation of its kind since Tehran signed a nuclear treaty, according to security researchers.
The hacker group — dubbed “Rocket Kitten” by security experts who have been hunting it since early 2014 — has mounted cyberattacks on high-profile political and military figures globally since that time, according to researchers from several cybersecurity firms who have monitored its activities.
The action could hamper Tehran’s efforts to gather sensitive intelligence from rivals including Saudi Arabia, Israel, Turkey, the United States as well as ally Venezuela, which were among the nations targeted.
Researchers from U.S.-Israeli security firm Check Point Software said the 1,600 high-profile targets include members of the Saudi royal family, Israeli nuclear scientists, NATO officials, Iranian dissidents and even the wives of high-ranking generals from unnamed countries.
“We have discovered the inner workings of a cyberespionage campaign,” Shahar Tal, research group manager for Check Point Software, said during an interview.
“It is extremely rare to obtain a comprehensive checklist of a nation’s military intelligence interest,” Tal said of the list of espionage targets discovered in the Iran hacker group’s databases.
The company said it has informed national computer security response teams in Britain, Germany and the Netherlands, who in turn alerted police in those countries to the locations of “command and control” servers used to mount attacks controlled from Iran.
Europol and the FBI said they could not immediately comment. An official with Israeli internal security service Shin Bet said, “This matter is familiar to us and is being attended to,” but did not offer any additional details.
Check Point planned to issue a report later Monday.
According to an advance copy, the report details how its experts burrowed inside the hacker group’s database, giving them a map of malicious software tools and remote-controlled computers used by the group.
In coordinated actions, “command and control” computer links hosted unknowingly by five commercial data hosting and satellite communications operators in Europe have now largely been shut down, Tal said, crippling the hackers’ capacity, at least for some months, to launch fresh attacks.
Computers in Europe were used by Rocket Kitten hackers in Tehran to stage remote attacks on targets in Saudi Arabia, other countries neighboring Iran, Israel, Europe, the United States, Venezuela and Iran itself, according to Check Point researchers.
“We believe these attacks are very similar to the ones previously attributed to the Iranian Revolutionary Guards Corps,” Tal said of links between the two groups. Other cybersecurity researchers have stopped short of linking the two groups.
A spokesman at the Revolutionary Guards’ headquarters in Tehran declined to comment. Iranian Foreign Ministry officials were not available for comment.
Iran has been hit by several debilitating computer virus campaigns including Stuxnet, a cyberweapon jointly developed by the United States and Israel that destroyed some Iranian nuclear production facilities.
Iran has responded with its own cyberspying capabilities since 2012, computer experts say.
The actions come as U.S. President Barack Obama and Israeli Prime Minister Benjamin Netanyahu met Monday for the first time since the Israeli leader lost his battle against the Iran nuclear deal.