Iran Operated Fake Human-Resources Firm to Root Out Unfriendly Spies, Researchers Say

FILE PHOTO: Figurines with computers are seen in front of USA and Iran flags in this illustration taken, September 10, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
FILE PHOTO: Figurines with computers are seen in front of USA and Iran flags in this illustration taken, September 10, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
TT

Iran Operated Fake Human-Resources Firm to Root Out Unfriendly Spies, Researchers Say

FILE PHOTO: Figurines with computers are seen in front of USA and Iran flags in this illustration taken, September 10, 2022. REUTERS/Dado Ruvic/Illustration/File Photo
FILE PHOTO: Figurines with computers are seen in front of USA and Iran flags in this illustration taken, September 10, 2022. REUTERS/Dado Ruvic/Illustration/File Photo

An Iranian hacking group ran a fake professional recruiting business to lure national security officials across Iran, Syria and Lebanon into a cyber espionage trap, according to new research by US cybersecurity firm Mandiant, a division of Alphabet's Google Cloud.
Researchers said the hackers are loosely connected to a group known as APT42 or Charming Kitten, which was recently accused of hacking the US presidential campaign of Republican candidate Donald Trump. APT42 is widely attributed to an intelligence division of the Iranian Revolutionary Guard, an expansive military organization based in Tehran. The FBI has said it is investigating APT42’s ongoing efforts to interfere in the 2024 US election, Reuters reported.
The mission uncovered by Mandiant dates back to at least 2017 and was active until recently. At different times, the Iranians made their operation appear as if it was controlled by Israelis. Analysts say the likely purpose of the impersonation was to identify individuals in the Middle East who were willing to sell secrets to Israel and other Western governments. It targeted military and intelligence staff associated with Iran’s allies in the region.
“The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran’s perceived adversarial countries,” the Mandiant report said. “The collected data may be leveraged to uncover human intelligence (HUMINT) operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations.”
Iran's mission to the United Nations did not immediately respond to a request for comment.
Mandiant found that the digital spies used a network of websites impersonating human resources companies to manipulate Farsi-speaking targets. The bogus firms were named VIP Human Solutions, also known as VIP Recruitment, Optima HR and Kandovan HR, among others. They leveraged dozens of inauthentic online profiles on Telegram, Twitter, YouTube and social media platform Virasty, which is popular in Iran, to promote the front companies. Nearly all the associated internet accounts have since been removed.
“VIP Recruitment, a center for recruiting respected military personnel into the army, security services and intelligence from Syria and Hezbollah, Lebanon,” said a statement on one of the websites. “Join us to help each other impact the world. Our duty is to protect your privacy.”
The hackers cast a wide net by using various social media platforms to disseminate links about their fake HR scheme. It is unclear how many targets ultimately fell for the ruse. The collected data, which included addresses, contact details and other resume-related data, could still be exploited in the future, Mandiant said.



Russia Captures UK National Fighting Alongside Ukraine in the Kursk Region

Civilians wearing military uniforms take part in a military training organized by Ukrainian soldiers of The Third Separate Assault Brigade in Kyiv, on November 23, 2024, amid the Russian invasion of Ukraine. (Photo by Tetiana DZHAFAROVA / AFP)
Civilians wearing military uniforms take part in a military training organized by Ukrainian soldiers of The Third Separate Assault Brigade in Kyiv, on November 23, 2024, amid the Russian invasion of Ukraine. (Photo by Tetiana DZHAFAROVA / AFP)
TT

Russia Captures UK National Fighting Alongside Ukraine in the Kursk Region

Civilians wearing military uniforms take part in a military training organized by Ukrainian soldiers of The Third Separate Assault Brigade in Kyiv, on November 23, 2024, amid the Russian invasion of Ukraine. (Photo by Tetiana DZHAFAROVA / AFP)
Civilians wearing military uniforms take part in a military training organized by Ukrainian soldiers of The Third Separate Assault Brigade in Kyiv, on November 23, 2024, amid the Russian invasion of Ukraine. (Photo by Tetiana DZHAFAROVA / AFP)

The Russian military captured a British national fighting alongside Ukrainian troops in Russia's partially occupied Kursk region, state news agency Tass reported Monday, citing unidentified sources in the law enforcement.
The man was identified by Tass and other media as James Scott Rhys Anderson. Tass quoted him as saying that he had served as a signalman in the British army for four years and then joined the International Legion of Ukraine, formed early on in Russia's nearly 3-year-old war against its neighbor.
In Ukraine, Anderson reportedly served as an instructor for Ukrainian troops and was deployed to the Kursk region against his will. Tass published a video of the man saying in English that he doesn’t want to be “here.”
The report couldn’t be independently verified, but if confirmed it could be the first publicly known case of a Western national captured on Russian soil while fighting for Ukraine.
The UK Embassy in Moscow and the Russian Defense Ministry did not immediately respond to requests for comment.