Canadian Centre for Cyber Security warns of sophisticated Iranian social engineering campaigns
News release
December 20, 2024 - Ottawa, Ontario
Canada’s foreign signals intelligence agency is warning of the continued and growing sophistication of social engineering campaigns run by Iranian cyber threat actors.
Published today by the Canadian Centre for Cyber Security (Cyber Centre), a part of the Communications Security Establishment Canada (CSE), the report outlines how Iranian cyber threat actors zero in on targets, with the goal of accessing information of political, economic, or military intelligence value to Iran.
The Cyber Centre is releasing this report through CSE’s mandate to provide information assurance on cyber security: acquiring, using, and analyzing information from the global information infrastructure, or from other sources, to provide advice, guidance, and services to help protect electronic information and information infrastructures – to keep Canadians safe and secure.
In the report, the Cyber Centre assesses that Iranian cyber threat actors are using sophisticated social engineering methods to enhance their spear phishing activities, including:
- Creating fake accounts with credible, attractive personas on multiple platforms
- Using professional interactions on social media platforms to build relationships with targets over long periods of time
- Luring their targets into engaging with them by referring to highly emotional content on geopolitical issues or traumatic events
A fake persona may reach out posing as someone with a potential job opportunity, a representative of a think tank or research institute, or a journalist. They are known to target defence contractors, aerospace employees, energy sector employees, journalists, academics, activists, politicians, diplomats, and civil society groups.
This warning builds on CSE’s assessments of Iran in CSE’s recently-released National Cyber Threat Assessment, which outlined how Iran uses its cyber program to coerce, harass and repress its opponents.
Read the full assessment.
Find Cyber guidance on how you may protect yourself from spear phishing.
Quotes
"Awareness is paramount when it comes to increasingly sophisticated threats like this one. We encourage everyone to read our latest advice and guidance and sign up for our alerts."
- Rajiv Gupta, Head of the Canadian Centre for Cyber Security
"Social media interaction with people we don’t know in real life has become so normalised, it may be hard to imagine but there are real threats out there. These accounts might be fake, but the threat is real."
- Bridget Walshe, Associate Head of the Canadian Centre for Cyber Security
Quick facts
-
What is spear phishing?
- Like regular phishing, spear phishing comes from scammers pretending to be something or someone they’re not.
- The difference is that spear phishing is a targeted attack focusing on one specific victim. Instead of a blanket message to a large audience, cyber criminals collect information on their targets beforehand, so that they can create a personalized message or pretend to be someone their target knows.
-
Over the 2023 to 2024 fiscal year, the Cyber Centre:
- blocked 6.6 billion potentially malicious actions a day, against government systems
- mitigated almost 300,000 malicious domains
- engaged with almost 1,900 Canadian critical infrastructure organizations
- analyzed over 1 billion suspicious files for malware
- shared 84 unique indicators of compromise a day
- helped respond to 2,192 cyber incidents
- used sensors to help protect the networks of 3 out of 4 federal institutions
- issued:
- 4 public threat assessments
- 34 new cyber security guidance publications
- 40 new Get Cyber Safe resources
- 250 pre-ransomware notifications
- 779 advisories
- 20 alerts
- 10 cyber flashes
Associated links
Contacts
Stay Connected
Follow us on X (Twitter)
For more information (media only) please contact:
Media Relations
Communications Security Establishment Canada
media@cse-cst.gc.ca
Page details
- Date modified: