Skip to main content

Iranian hackers 'posed as British academics' in cyber-espionage operation: Report

A cyber-security company says the operation was aimed at extracting information on Iranian opposition activities and the ongoing US-Iran nuclear talks
Iranian hackers impersonated academics at a British university to launch an online espionage campaign to target researchers, academics and journalists (AFP)

A group of Iranian hackers posing as British-based academic had targeted Middle East experts in the US and UK with a cyber-espionage operation, a cyber-security company has revealed.

The sophisticated campaign was called "SpoofedScholars," in which hackers impersonated academics at London's School of Oriental and African Studies (SOAS) to launch an online espionage campaign to target academics, according to Proofpoint, a cyber-security company that uncovered the hacking operation, as cited by the BBC

The hacking group was called "Charming Kitten" but is also known as "Phosphorus" and APT35. According to the Financial Times, it is believed to have been active in conducting intelligence operations on behalf of Iran's Revolutionary Guard.

The hackers' group launched its cyber-espionage campaign in January, which lasted for a few months.

It compromised SOAS's website and sent spoof emails pretending to be from the staff at SOAS, to invite academics, researchers and experts on the Middle East from think tanks, journalism and academia to register their interest in conferences and events.

Stay informed with MEE's newsletters

Sign up to get the latest alerts, insights and analysis, starting with Turkey Unpacked


The emails' recipients then landed on a dummy page, created by the hackers, where they provided personal details to register for the event.

According to Proofpoint, hackers would use the harvested emails and passwords to access personal accounts on other sites. At the same time, they would attempt to install malware into mobile phone devices, using numbers that were provided.

At least 10 academics based in the US and UK have been affected by the Iranian hackers' cyber-assault, Proofpoint said.

Iran targeting academics

Sherrod DeGrippo, senior director of threat research at Proofpoint, told the FT that "Iran has always been very focused on [targeting] academics, scientists, professors and diplomats... This just shows that they are continuing that focus, most likely because it's been paying off."

Some of the pressing issues Iranian hackers attempt to extract data and information about include foreign policy, the activities of Iranian opposition figures and movements, and tips and insights into the ongoing US-Iran talks over Tehran's nuclear programme.

SOAS said that no personal information was collected and its own data systems were not touched.

"Once we became aware of the dummy site earlier this year, we immediately remedied and reported the breach in the normal way. We have reviewed how this took place and taken steps to further improve protection of these sort of peripheral systems," SOAS said in a statement.

It affirmed that none of the university's employees had violated cybersecurity protocols, and those who were targeted were external academics, not the university's own staff.

Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.