Iran Media Websites Seized by U.S. in Disinformation Campaign | Threatpost

The Department of Justice has seized the domains of 36 Iranian media sites that officials say weren’t just operating in violation of sanctions, but were part of a widespread government-backed malign-influence operation targeting the U.S.

The DoJ said that 33 of the sites are run by the Iranian Islamic Radio and Television Union (IRTVU), which is allegedly under the control of the sanctioned Islamic Revolutionary Guard Quds Force (IRGC).  Three additional sites taken down were allegedly controlled by Kata’ib Hizballah, which has been designated an Iraqi terrorist group by the U.S. government.

Ironically, even though the sites were operated by Iranian groups, the domains are owned by U.S.-based cloud organizations, giving law enforcement the reach to take control.

“Components of the government of Iran, to include IRTVU and others like it, disguised as news organizations or media outlets, targeted the United States with disinformation campaigns and malign-influence operations,” the DoJ said in its announcement.

One of the seized sites, PressTV, still displays the seizure notice. Others taken down included Palestine Today and Al-Alam, among others.

Seized Iranian Media Sites Back Up

Analysts at RiskIQ identified 24 seized sites sharing the same Amazon server, according to the AP, which added that the domain was shifted to an Amazon name server on Tuesday afternoon in Europe.

PressTV and others were soon back up and running after shifting to .ir domains. The AP pointed out the U.S. interfering with domains designated to other countries would be condemned by the international community as an overreach.

The U.S. has seized Iranian media sites before, accusing them of disinformation and distributing propaganda on the government’s behalf. Last October, law enforcement shut down an additional 100 sites allegedly operated by the Iranian Revolutionary Guard, the AP added.

The Revolutionary Guard was recently credited with a targeted phishing campaign intended to steal credentials from 25 senior medical research officials working in genetic neurology and oncology.

Wide-scale influence campaigns have been identified as an area of increasing concern by the U.S. government and the cybersecurity community at large. Last summer’s Black Hat attendees voted in a 70-percent majority that influence campaigns were the greatest threat to the upcoming 2020 elections.

Researchers warn that the next wave of disinformation will likely include difficult-to-detect deepfake technologies.

But as U.S. law enforcement agencies crack down on these foreign operators, John Bambenek from Netenrich is worried about how these same tactics could be used against the west in retailiation.

“We tend to think of the internet as a global resource, but the reality is much of the core operation of it (in this case global top-level domains like .com) is run by American companies and have to comply with American sanctions regimes,” Bambenek said. “While this is a creative application of those sanctions, it will be concerning how other countries try to turn the tables to silence American entities as well.”

Join Threatpost for “Tips and Tactics for Better Threat Hunting” — a LIVE event on Wed., June 30 at 2:00 PM ET in partnership with Palo Alto Networks. Learn from Palo Alto’s Unit 42 experts the best way to hunt down threats and how to use automation to help. Register HERE for free.