Iranian Hackers Stole Charlie Hebdo Database

Microsoft analysts have said that a group of Iranian government hackers called Neptunium is behind the hacking campaign against the French satirical magazine Charlie Hebdo.

We previously reported that Iranian hackers disguised themselves as an aerobics instructor, and that the US Department of Justice accuses three Iranian hackers of hacking aerospace companies.

The media also reported that Iranian hackers attack VPN servers to install backdoors.

Last month, the group said it had stolen the personal information of 200,000 Charlie Hebdo subscribers by gaining access to the publication’s internal database.

In January 2023, someone using the name Holy Souls put Charlie Hebdo subscriber information up for sale, valuing the dump at 20 BTC (roughly $340,000 at the time). The French media outlet Le Monde then confirmed the authenticity of the information that fell into the hands of the hackers.

The published samples included names, phone numbers, addresses, email addresses, and more. Holy Souls advertised the stolen data on YouTube, on several hacker forums, and actively posted about the leak on social media.

According to Microsoft, the attack and the data breach followed the magazine’s decision to hold a cartoon contest in which readers were asked to submit drawings mocking Iran’s supreme leader, Ali Khamenei. The issue with the winning cartoons was supposed to be published in early January, timed to coincide with the eighth anniversary of the terrorist attack on the publication’s office.

Iranian Foreign Minister Hossein Amir Abdollahian sharply criticized the competition, calling it “insulting and impolite action directed against the religious and political-spiritual authorities” of the country. He added that Charlie Hebdo’s actions would not be “left unanswered”. In addition, the Iranian Foreign Ministry demanded a meeting with the French ambassador and also closed the French Research Institute in Iran.

As Microsoft researchers now write, the attack on the magazine is linked to the Iranian government because it matches attributes seen in other attacks by Iranian hackers. The “coincidences” even include the tactics used by the hacktivists, who eventually claimed responsibility for the hack and the leak of personal data. According to experts, Holy Souls is the Iranian hacking group Neptunium, also known as Emennet Pasargad.

The campaign targeting Charlie Hebdo used dozens of francophone sockpuppet accounts to amplify its campaign and spread antagonistic messages. On January 4, accounts, many of which were very recent and had few followers, began tweeting criticism of the Khamenei cartoons. Crucially, even before reports of the cyberattack surfaced, these accounts posted identical screenshots of the site’s defacement, with a message in French that Charlie Hebdo had been hacked (Charlie Hebdo a été piraté), the researchers say.

In addition, two fake social media accounts purporting to belong to the French CTO and editor of Charlie Hebdo also posted similar screenshots until they were banned.

Later, the same set of accounts was used to ridicule France and spread jokes that “French cybersecurity experts should be Charlie’s next cartoon characters.”

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.