Berlin security service blames Iran for cyber attack on German companies

Employees sent fake job offers and duped into installing malware

(FILES) In this file photo taken on February 08, 2021 only few people walk in a shopping street in downtown of Munich, southern Germany, whose shops are closed, amid the ongoing novel coronavirus / Covid-19 pandemic.  People who have been fully vaccinated against Covid-19 will no longer have to abide by curfews and contact restrictions in Germany under a draft law agreed by the cabinet on Mai 4, 2021. / AFP / Christof STACHE
Powered by automated translation

Berlin security services say Iranian hackers were behind a cyber attack that targeted German companies by duping their employees into installing malware.

The attack was part of a wider effort by Iranian operatives to gain access to sensitive information in Germany, an intelligence report said.

In the latest breach, workers at German companies received phishing emails that purported to be messages offering them a job.

When they clicked on the corresponding links, they unwittingly installed malware on their computer.

The emails came from fake addresses and were designed to obtain information from the companies in question.

The breach was described as a “major cyber attack campaign” in a report by Berlin’s Office for the Protection of the Constitution.

“The reason for the increase in Iranian cyber operations in Germany probably lies in the political tensions in the Gulf,” it said.

“For one thing, Iran has a fundamental interest in acquiring political and economic information.

“On the other hand, the purpose of the attacks may also lie in circumventing the current sanctions against Iran.”

The Berlin intelligence report did not say what kind of information Iran might have sought from the latest attack.

However, security services in Germany believe that Iran is trying to acquire expertise and technology from Europe needed to build weapons of mass destruction.

A separate intelligence report last week revealed a series of “conspiratorial methods” used by Iran to cover up illegal weapons activity in Europe.

These included setting up fake companies, using middlemen and dividing exports into numerous small transactions so as not to attract suspicion.

Iran's activities came to the attention of Dutch intelligence too, which said Iran had tried to acquire critical goods and technology from the Netherlands.

Sweden also accused Iran of carrying out industrial espionage aimed at products that could be used to make nuclear weapons.

Iranian operatives under scrutiny in Europe

Left: Assadollah Assadi, right: Castle Reichsburg in Cochem, Germany, one of the planned stops on Assadi's European tour. Alamy
Left: Assadollah Assadi, right: Castle Reichsburg in Cochem, Germany, one of the planned stops on Assadi's European tour. Alamy

The Berlin report said Iran's intelligence services were particularly active in the field of cyber espionage, as were those of Russia and China.

“Successful cyber attacks can cause major financial, economic and political damage,” it said.

“An uncontrolled outflow of information about domestic or foreign policy, or Germany’s political stance, would be fatal in its consequences.”

The security service described Berlin as a magnet for foreign intelligence services because of its political importance and prominent technology sector.

It said Iranian regime loyalists were present in Berlin and took part in annual demonstrations on Al Quds Day, a festival inaugurated by Iran in 1979.

A headcount of potential extremists in Berlin included about 250 members of the Iran-backed Hezbollah.

Another category described as "others, especially Iranians loyal to the regime", included about 50 people.

A report last month by security services in the German state of Bavaria said Iranian intelligence was active in the country even after it was implicated in a bomb plot foiled by German authorities.

The Ministry of Intelligence of the Islamic Republic of Iran (MOIS), the Revolutionary Guard Corps Intelligence Organisation and the Guards’ elite Quds Force were named on a list of foreign spies active in Germany.

An MOIS operative was identified as the plotter behind a thwarted bomb attack on an Iranian opposition rally in Paris in 2018.

Guests at the event included former New York City mayor Rudy Giuliani and several British MPs.

The plotter, Assadollah Assadi, was arrested in Germany and transferred to Belgium, where police found explosives in a car.

More on Iran

US backs Saudi-Iran dialogue in Iraq but denies involvement

UK denies Iranian report of deal to free Nazanin Zaghari-Ratcliffe