Microsoft on Friday attributed the recent influence operation targeting the satirical French magazine Charlie Hebdo to an Iranian nation-state actor.
In January, an online group called “Holy Souls,” which Microsoft identified as NEPTUNIUM, claimed that it had obtained the personal information of more than 2,00,000 Charlie Hebdo customers after “gain[ing] access to a database.”
Holy Souls had released a sample of the data, which included a spreadsheet detailing the full names, telephone numbers, and home and email addresses of accounts that had subscribed to, or purchased merchandise from, the publication. This information, obtained by the Iranian actor, could put the magazine’s subscribers at risk of online or physical targeting by extremist organisations.
“We believe this attack is a response by the Iranian government to a cartoon contest conducted by Charlie Hebdo,” Microsoft said in its blog.
“One month before Holy Souls conducted its attack, the magazine announced it would be holding an international competition for cartoons ‘ridiculing’ Iranian Supreme Leader Ali Khamenei. The issue featuring the winning cartoons was to be published in early January, timed to coincide with the eighth anniversary of an attack by two al-Qa’ida in the Arabian Peninsula (AQAP)-inspired assailants on the magazine’s offices,” the company explained.
Holy Souls had advertised the cache of data for sale for 20 BTC (equal to roughly USD 3,40,000 at the time).
The release of the full cache of stolen data – assuming the hackers actually have the data they claim to possess – would essentially constitute the mass doxing of the readership of a publication that has already been subject to extremist threats (2020) and deadly terror attacks (2015), Microsoft said.
Microsoft said that it made the attribution based on a larger set of intelligence available to its DTAC team, and that the pattern seen here is typical of Iranian state-sponsored operations.