Η Check Point Research (CPR) observes multiple hacker groups using it Telegram the Signal and the Dark Web to help anti-government protesters in Iran circumvent regime restrictions.
Key activities are leaking and selling data, including phone numbers and emails officials, as well as maps of sensitive locations. THE CPR also observes open server sharing VPN on circumventing censorship and reports on the internet situation in Iran, as well as the interception of conversations and instructions.
Η CPR shares in this post five graphic examples of activities taking place right now.
- Ta group in Telegram they number from 900 to 12.000 members
- Multiple groups provide a list of proxies and VPNs that help bypass censorship in Iran
- Another group is helping protesters access social networking sites
Η Check Point Research (CPR) states that these activities began a day after the start of the anti-government protests that followed the death of Mahsa Amini.
In particular, hacker groups allow people in Iran to communicate with each other and share news about what is happening in different places, something the government is trying to avoid in order to quell the intensity of the protests.
As is usually the case in these cases, there are hacker groups trying to take advantage of the situation and sell information from Iran and the regime.
Official channel Atlas Intelligence Group
Members: ~ 900
Activities: Leaking and selling data
Today: It focuses on leaking data that can help against the regime in Iran, including the phone numbers and emails of officials and maps of sensitive locations. Of course, they also try to sell the “private” information about it IRGC (last image).
Additionally, it provides lists Proxies that will help bypass censorship in Iran
Members: ~ 5,000
Activities: Leaking and selling data
Today: Focuses on news from the protests in Iran, reports and videos from the streets where the protests are taking place, and information on the internet situation in Iran.
It opens VPN servers to bypass censorship
It reports anything related to the internet situation in Iran –
Members: ~ 4,000
Activities: Hacking chats and instructions, part of hacking website hide01.ir, run by Iranians on computer and software hacking
Today: Similar activity, some of the discussions are about bypassing censorship and helping those living in Iran to access social networking sites.
Members: ~ 12,000
Source: telegram, Page Tor on Internet
Activities: Regular updates on the Tor Project, as part of the regular channels. The Tor Project sends messages to the community.
Today: similar activity, but with some emphasis on the help Tor can provide to the protesters in Iran.
Source: Clear-Web (normal web)
The "Signal” is a messaging app developed by the non-profit Foundation signal foundation.
Users can send individual and group messages, which can include files, voice memos, images and videos, as well as voice and video calls.
The Signal decided to join the fight too and support the protests in Iran by helping other people install proxies that can be used to bypass censorship in Iran. https: //signal.org/blog/run-a-proxy/
Location: Forum for Political discussions
Σχόλιο of Liad Mizrachi, Security Researcher in Check Point Software:
"What we've been seeing lately are teams from Telegram the dark but also the "regular" internet to help protesters bypass the restrictions and censorship currently applied by the Iranian regime, as part of the process of dealing with the protests. We started to see activity from these groups about a day after the protests started. These groups allow people in Iran to communicate with each other and share news about what is happening in different places. We will continue to monitor the situation."