# Operation Newscaster

Source: https://en.wikipedia.org/wiki/Operation_Newscaster (Contributors to Wikimedia projects)

*[Image: logo designed by iSIGHT Partners]*

"Operation Newscaster", as labelled by American firm iSIGHT Partners in 2014, is a cyber espionage [covert operation](https://en.wikipedia.org/wiki/Covert_operation) directed at military and political figures using social networking, allegedly carried out by [Iran](https://en.wikipedia.org/wiki/Iran). The operation has been described as "creative",[1] "long-term" and "unprecedented".[2] According to iSIGHT Partners, it is "the most elaborate cyber espionage campaign using [social engineering](https://en.wikipedia.org/wiki/Social_engineering_(security)) that has been uncovered to date from any nation".[2]

## iSIGHT's perceptions

*[Image: a screenshot from NewsOnAir.org]*

On 29 May 2014, [Texas](https://en.wikipedia.org/wiki/Texas)-based cyber espionage research firm iSIGHT Partners released a report uncovering an operation it labels "Newscaster", which since at least 2011 had targeted at least 2,000 people in the [United States](https://en.wikipedia.org/wiki/United_States), [Israel](https://en.wikipedia.org/wiki/Israel), [Britain](https://en.wikipedia.org/wiki/United_Kingdom), [Saudi Arabia](https://en.wikipedia.org/wiki/Saudi_Arabia), [Syria](https://en.wikipedia.org/wiki/Syria), [Iraq](https://en.wikipedia.org/wiki/Iraq) and [Afghanistan](https://en.wikipedia.org/wiki/Afghanistan).[2][3] The victims, who are not identified in the report for security reasons, are senior U.S. military and diplomatic personnel, congresspeople, journalists, lobbyists, think tankers and defense contractors, including a four-star [admiral](https://en.wikipedia.org/wiki/Admiral_(United_States)).[2][3] The firm could not determine what data the hackers may have stolen.[3]

According to the iSIGHT Partners report, the hackers used 14 elaborate fake personas claiming to work in journalism, government and defense contracting, and were active on [Facebook](https://en.wikipedia.org/wiki/Facebook), [Twitter](https://en.wikipedia.org/wiki/Twitter), [LinkedIn](https://en.wikipedia.org/wiki/LinkedIn), [Google+](https://en.wikipedia.org/wiki/Google%2B), [YouTube](https://en.wikipedia.org/wiki/YouTube) and [Blogger](https://en.wikipedia.org/wiki/Blogger_(service)). To establish trust and credibility, they fabricated a fictitious journalism website, NewsOnAir.org, using content from media outlets such as the [Associated Press](https://en.wikipedia.org/wiki/Associated_Press), the [BBC](https://en.wikipedia.org/wiki/BBC) and [Reuters](https://en.wikipedia.org/wiki/Reuters), and populated their profiles with fictitious personal content. They then tried to befriend target victims and sent them "friendly messages"[1] carrying [spear-phishing](https://en.wikipedia.org/wiki/Spear-phishing) lures to steal [email](https://en.wikipedia.org/wiki/Email) passwords,[4] as well as attacks that infected them with "not particularly sophisticated" malware for data exfiltration.[2][3] The report says NewsOnAir.org was registered in [Tehran](https://en.wikipedia.org/wiki/Tehran) and was likely hosted by an Iranian provider.
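Part of the report's attribution rests on timing: the personas were active during Tehran business hours and idle on Thursday and Friday, the Iranian weekend. The Python below is an added example, not code from the article or from iSIGHT's report, showing how such a working-week profile is recovered from nothing but UTC activity timestamps. It scans candidate UTC offsets for the one that centres activity on midday, then reads off the quiet weekdays and the active hours. The timestamps are constructed to mimic a Tehran office schedule; the offsets, thresholds and the midday assumption are the example's own. A careful operator can defeat all of it by posting on a foreign schedule, which is one reason timing alone supports, but does not prove, attribution.

```python
"""Infer an operator's working week from UTC activity timestamps.

Added example, not from the Wikipedia article or the iSIGHT report.
All timestamps below are constructed for illustration.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def parse_utc(ts: str) -> datetime:
    """Parse a 'YYYY-MM-DDTHH:MMZ' stamp as an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%MZ").replace(tzinfo=timezone.utc)


def localize(events_utc, offset_minutes):
    """Re-express every event in a fixed UTC offset (minutes east of UTC)."""
    tz = timezone(timedelta(minutes=offset_minutes))
    return [parse_utc(e).astimezone(tz) for e in events_utc]


def midday_score(events_utc, offset_minutes, centre=13.0, half_width=6.0):
    """Average fit of the events to an office day under this offset.

    Each event scores 1 at `centre` o'clock local time, falling quadratically
    to 0 at `half_width` hours away, so night-time activity counts for nothing.
    Assumption of this example: the operator keeps roughly midday-centred
    office hours. A deliberately shifted posting schedule defeats it.
    """
    total = 0.0
    for local in localize(events_utc, offset_minutes):
        h = local.hour + local.minute / 60
        total += max(0.0, 1 - ((h - centre) / half_width) ** 2)
    return total / len(events_utc)


def best_offset(events_utc):
    """UTC offset in minutes (30-minute steps, -12:00 to +14:00) with the best midday fit."""
    return max(range(-12 * 60, 14 * 60 + 1, 30),
               key=lambda off: midday_score(events_utc, off))


def rest_days(events_utc, offset_minutes, quiet_ratio=0.25):
    """Weekdays with fewer than quiet_ratio * busiest-day events: the operator's weekend."""
    counts = Counter(d.weekday() for d in localize(events_utc, offset_minutes))
    busiest = max(counts.values())
    return [WEEKDAYS[i] for i in range(7) if counts.get(i, 0) < quiet_ratio * busiest]


def working_window(events_utc, offset_minutes):
    """Local hours bracketing the central 90% of activity (5th to 95th percentile)."""
    hours = sorted(d.hour + d.minute / 60 for d in localize(events_utc, offset_minutes))
    n = len(hours)
    return hours[int(0.05 * n)], hours[int(0.95 * n)]


def profile(events_utc):
    """Offset, rest days and office hours inferred from UTC timestamps alone."""
    off = best_offset(events_utc)
    sign = "+" if off >= 0 else "-"
    return {
        "utc_offset": f"{sign}{abs(off) // 60:02d}:{abs(off) % 60:02d}",
        "rest_days": rest_days(events_utc, off),
        "working_hours": working_window(events_utc, off),
    }


# Constructed sample data (not real campaign telemetry). Iran Standard Time is
# UTC+3:30; February 2014 is outside Iran's daylight-saving period.
IRST = timezone(timedelta(hours=3, minutes=30))
OFFICE_TIMES = [(9, 0), (10, 30), (12, 0), (13, 0), (14, 0), (15, 30), (17, 0)]


def constructed_sample():
    """Two weeks from Sat 1 Feb 2014 of posts at Tehran office hours, Thursday
    and Friday idle, plus one stray Friday post so the rest-day threshold has
    to tolerate noise. The analysis functions above see only the UTC strings."""
    events = []
    for day in range(14):
        date = datetime(2014, 2, 1, tzinfo=IRST) + timedelta(days=day)
        if date.weekday() in (3, 4):  # Thursday, Friday
            continue
        for hour, minute in OFFICE_TIMES:
            stamp = date.replace(hour=hour, minute=minute).astimezone(timezone.utc)
            events.append(stamp.strftime("%Y-%m-%dT%H:%MZ"))
    events.append("2014-02-07T08:00Z")  # Friday 11:30 Tehran: the stray post
    return events


if __name__ == "__main__":
    print(profile(constructed_sample()))
```

On the constructed sample this reports an offset of +03:30, rest days Thursday and Friday, and office hours of 09:00 to 17:00. Iran observed daylight saving time in 2014 (UTC+4:30 from late March to late September), so a sample spanning the summer would split between two offsets; binning by month, or converting with a named zone such as `zoneinfo.ZoneInfo("Asia/Tehran")` where the system tz database is available, avoids that.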
The [Persian](https://en.wikipedia.org/wiki/Persian_language) word "Parastoo" (پرستو, meaning swallow) was used as a password for malware associated with the group. The group appeared to work during business hours in [Tehran](https://en.wikipedia.org/wiki/Tehran),[2] taking Thursday and Friday off.[1] iSIGHT Partners could not confirm whether the hackers had ties to the [Iranian government](https://en.wikipedia.org/wiki/Iranian_government).[4]

## Analysis

According to *[Al Jazeera](https://en.wikipedia.org/wiki/Al_Jazeera)*, the [Chinese army's cyber unit](https://en.wikipedia.org/wiki/Cyberwarfare_in_China) has carried out scores of similar phishing schemes.[4] [Morgan Marquis-Boire](https://en.wikipedia.org/wiki/Morgan_Marquis-Boire), a researcher at the [University of Toronto](https://en.wikipedia.org/wiki/University_of_Toronto), stated that the campaign "appeared to be the work of the same actors performing malware attacks on [Iranian](https://en.wikipedia.org/wiki/Iran) dissidents and journalists for at least two years".[4] Franz-Stefan Gady, a senior fellow at the [EastWest Institute](https://en.wikipedia.org/wiki/EastWest_Institute) and a founding member of the Worldwide Cybersecurity Initiative, stated: "They're not doing this for a quick buck, to extrapolate data and extort an organization. They're in it for the long haul. Sophisticated human engineering has been the preferred method of state actors".[4]

## References

1. Nakashima, Ellen (May 29, 2014). "Iranian hackers are targeting U.S. officials through social networks, report says". [The Washington Post](https://en.wikipedia.org/wiki/The_Washington_Post). Retrieved March 30, 2015.
2. Finkle, Jim (May 29, 2014). Tiffany Wu (ed.). "Iranian hackers use fake Facebook accounts to spy on U.S., others". [Reuters](https://en.wikipedia.org/wiki/Reuters). Retrieved March 30, 2015.
3. Chumley, Cheryl K. (May 29, 2014). "Iranian hackers sucker punch U.S. defense officials with creative social-media scam". [The Washington Times](https://en.wikipedia.org/wiki/The_Washington_Times). Retrieved March 30, 2015.
4. Pizzi, Michael (May 29, 2014). "Iran hackers set up fake news site, personas to steal U.S. secrets". [Al Jazeera](https://en.wikipedia.org/wiki/Al_Jazeera). Retrieved March 30, 2015.

## External links

- [NEWSCASTER – An Iranian Threat Inside Social Media](http://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/)