{
	"id": "2dee1384-a713-42f9-a156-9959e5f4a8c9",
	"created_at": "2026-04-06T00:15:32.910832Z",
	"updated_at": "2026-04-10T03:35:36.562757Z",
	"deleted_at": null,
	"sha1_hash": "b2f49ee3b4504bd8fedcdbed7d0205b4d083db59",
	"title": "Iranian hackers sucker punch U.S. defense officials with creative social-media scam",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32014,
	"plain_text": "Iranian hackers sucker punch U.S. defense officials with creative\r\nsocial-media scam\r\nBy Cheryl K. Chumley\r\nPublished: 2014-05-29 · Archived: 2026-04-05 13:29:15 UTC\r\nScores of top U.S. defense, foreign policy and senior-level military authorities — including a four-star admiral —\r\nhave been sucked into a tangled weave of a social-media scam that’s been waged by creative Iranian hackers over\r\nthe past few years, a new report from a cyber-security firm found.\r\nThe Washington Post reported that since 2011, the hackers hit at hundreds of both current and former high-ranking\r\nU.S. officials, including a four-star admiral, who worked primarily on non-proliferation issues.\r\nThe report, from iSightPartners, also found that the hackers targeted various personnel from 10-plus different\r\nAmerican and Israeli defense contracting companies.\r\nThe research firm iSight dubbed the operation Newscaster and said hackers used social-media sites like Twitter,\r\nFacebook and LinkedIn to draw their targets and then lure them to check out a bogus news site, NewsOnAir.org,\r\nfilled with foreign policy and defense articles, The Post reported.\r\nThe overall aim is that the social-media platform would give the hackers connections with those at the top of\r\npublic policy — and position them to tap into that information network.\r\nSpecifically, hackers wanted intelligence information that could give insight into U.S. and U.S.-Israeli military\r\noperations, as well as nuclear-related discussions between the U.S. and Iran, the Washington Post reported.\r\n“They’re very brash,” Tiffany Jones, the senior vice president for iSight, told The Post. “What they lack in\r\ntechnical sophistication, they make up for in creativity and persistence.”\r\nThe research firm couldn’t determine what data the hackers may have stolen. But they did find that the\r\nNewsOnAir.org site is registered in Tehran.\r\n“The social networking is so elaborate, they’ve got connections to the highest levels of American policy,” John\r\nHultquist, the head of intelligence on cyber-espionage for iSight, told The Post.\r\nSource: https://www.washingtontimes.com/news/2014/may/29/iranian-hackers-sucker-punch-us-defense-heads-crea/\r\nhttps://www.washingtontimes.com/news/2014/may/29/iranian-hackers-sucker-punch-us-defense-heads-crea/\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA",
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://www.washingtontimes.com/news/2014/may/29/iranian-hackers-sucker-punch-us-defense-heads-crea/"
	],
	"report_names": [
		"iranian-hackers-sucker-punch-us-defense-heads-crea"
	],
	"threat_actors": [
		{
			"id": "99c7aace-96b1-445b-87e7-d8bdd01d5e03",
			"created_at": "2025-08-07T02:03:24.746965Z",
			"updated_at": "2026-04-10T02:00:03.640335Z",
			"deleted_at": null,
			"main_name": "COBALT ILLUSION",
			"aliases": [
				"APT35 ",
				"APT42 ",
				"Agent Serpens Palo Alto",
				"Charming Kitten ",
				"CharmingCypress ",
				"Educated Manticore Checkpoint",
				"ITG18 ",
				"Magic Hound ",
				"Mint Sandstorm sub-group ",
				"NewsBeef ",
				"Newscaster ",
				"PHOSPHORUS sub-group ",
				"TA453 ",
				"UNC788 ",
				"Yellow Garuda "
			],
			"source_name": "Secureworks:COBALT ILLUSION",
			"tools": [
				"Browser Exploitation Framework (BeEF)",
				"MagicHound Toolset",
				"PupyRAT"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "e034b94b-9655-42c4-a72e-a58807dce299",
			"created_at": "2022-10-25T16:07:24.133537Z",
			"updated_at": "2026-04-10T02:00:04.876832Z",
			"deleted_at": null,
			"main_name": "Rocket Kitten",
			"aliases": [
				"Group 83",
				"NewsBeef",
				"Newscaster",
				"Operation Newscaster",
				"Operation Woolen-GoldFish",
				"Parastoo",
				"Rocket Kitten"
			],
			"source_name": "ETDA:Rocket Kitten",
			"tools": [
				"CoreImpact (Modified)",
				"FireMalv",
				"Ghole",
				"Gholee"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775434532,
	"ts_updated_at": 1775792136,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/b2f49ee3b4504bd8fedcdbed7d0205b4d083db59.pdf",
		"text": "https://archive.orkl.eu/b2f49ee3b4504bd8fedcdbed7d0205b4d083db59.txt",
		"img": "https://archive.orkl.eu/b2f49ee3b4504bd8fedcdbed7d0205b4d083db59.jpg"
	}
}