Check Point Research (CPR) sees multiple hacker groups using Telegram, Signal and the dark web to help anti-government protestors in Iran bypass regime restrictions. Key activities are data leaking and selling, including officials’ phone numbers and emails, and maps of sensitive locations. CPR also sees the sharing of open VPN servers to bypass censorship and reports on the internet status in Iran, as well as hacking conversations and guides. CPR is sharing five examples with visuals of activities currently happening.

  • Telegram groups range from 900 to 12,000 members
  • Multiple groups provide lists of proxies and VPNs that help to bypass the censorship in Iran
  • Another group helps protestors access social media sites

Check Point Research (CPR) sees multiple hacker groups on Telegram, Signal and the dark web attempting to help protestors in Iran bypass restrictions imposed by the regime. The observation came a day after anti-government protests began following the death of Mahsa Amini.

Specifically, hacker groups are allowing people in Iran to communicate with each other and to share news about what is going on in different places, which is what the government is trying to prevent in order to lower the flames.

As is usual with these uprisings, there are some hacking groups that are trying to make a profit from the situation and to sell information from Iran and the regime.

Telegram:

Official Atlas Intelligence Group channel

Members: ~ 900

Source: Telegram

Activities: Data leaking and selling.

Currently doing: Focusing on leaking data that can help against the regime in Iran, including officials’ phone numbers and emails, and maps of sensitive locations. Of course, they are also trying to upsell the “private” information on the IRGC (last image).

Providing a list of proxies that will help to bypass the censorship in Iran

ARVIN

Members: ~ 5,000

Source: Telegram

Activities: Data leaking and selling.

Currently doing: Focusing on news from the protests in Iran, reports, and videos from the streets where the protests are, and information about the internet status in Iran.

Open VPN servers to bypass censorship

Reports on the internet status in Iran

RedBlue™

Members: ~ 4,000

Source: Telegram

Activities: Hacking conversations and guides about computers and software hacking. The group is part of the hacking website hide01.ir, which is operated by Iranians.

Currently doing: The same; some of the conversations are about bypassing the censorship and helping those living in Iran to access social media sites.

Tor Project

Members: ~ 12,000

Source: Telegram, Tor page on the web

Activities: Regular updates on the Tor Project. This group is one of the regular channels through which the Tor Project sends messages to the community.

Currently doing: The same, but with some emphasis on the help that Tor can bring to the protestors in Iran.

Signal: 

Source: Clear-Web (regular web)

https://signal.org/en/

https://en.wikipedia.org/wiki/Signal_(software)

“Signal” is a messaging app developed by the non-profit Signal Foundation.

Users can send one-to-one and group messages, which can include files, voice notes, images, and videos as well as voice and video calls.

Signal decided to also join the effort and support the protests in Iran, helping other people to set up proxy servers that can be used to bypass the censorship in Iran. https://signal.org/blog/run-a-proxy/

Place: Forum for political discussions

Source: Dark web

What we see are groups on Telegram, the dark web and the ‘regular’ internet helping the protestors to bypass the restrictions and censorship that the Iranian regime currently has in place to suppress the protests. We began seeing these groups emerge roughly a day after the protests began. These groups allow people in Iran to communicate with each other and to share news about what is going on in different places. We will continue to monitor the situation.
