US global security firm Mandiant has worked to prevent the operations of a network of Iran operatives collecting intelligence on those believed to be collaborating with intelligence and security agencies abroad, especially in Israel, the firm announced Wednesday.
Mandiant has worked to ensure that this operation by Iran was blocked and disrupted, the accounts of the individuals operating for Iran were deleted, and that Google Chrome users and the users of other browsers are safe.
The Iranian reconnaissance efforts could help Iran uncover those collaborating with the country’s adversaries, according to the security firm.
This operation was found to be similar to another earlier Iranian operation, APT42, which is suspected of operating on behalf of Iran’s IRGC Intelligence Organization.
Iranian intelligence use several social media accounts to disseminate a network of tens of fake recruiting websites containing decoy content in the Farsi language.
These websites include job offers and Israel-related lures, including images of Israeli national symbols, hi-tech offices, and major city landmarks to lure those who may be collaborating with Israel and other adversaries.
While entering the sites, the Iranian users must disclose their personal details and professional and academic experience, which is then sent to the Iranian operatives.
Iran's reconnaissance efforts
Iran’s reconnaissance efforts began in 2017 and has continued until at least March 2024.
Similar operations were used in Arabic to target those affiliated with Syria and Hezbollah intelligence and security agencies.