In case you missed it, back in July, HBO, the cable giant behind popular show Game of Thrones, was hacked, and 1.5 TB of data was stolen. It took a couple of months, but after an investigation, the FBI and US Department of Justice identified the hacker as Behzad Mesri, an Iranian national.
Mesri, who is currently at large, is now being linked to Charming Kitten, a cyber-espionage group believed to be sponsored by the Iranian government. A report released by Israeli cybersecurity firm ClearSky details how Mesri, along with two other individuals, could be part of the group, which is responsible for targeting academics, journalists and human rights activists.
Connection between Mesri and Charming Kitten
Charming Kitten, known as an Advanced Persistent Threat (APT), is thought to have started its activities in 2013, but after security firm FireEye published a report on the group in 2014, it went inactive. It is also widely believed that the group was acting under the protection of the Iranian government.
US officials revealed that Mesri, also known as Skote Vahshat, was part of the Iranian military but was also active as a hacker, and is responsible for the HBO hack. Now, ClearSky links him to Charming Kitten. Mesri is known to have been part of a different group, Turk Black Hat, in the past, along with ArYaIeIrAN, a fellow Iranian national. ArYaIeIrAN is believed to be in Charming Kitten because his email address appears in the Start of Authority (SOA) record of multiple domains used by the group, all of which use persiandns.net as their name server. persiandns.net is itself registered to ArYaIeIrAN. It redirects to mahanserver.ir, which is owned by Mohammad Rasoul Akbari, who is following/followed by ArYaIeIrAN on Twitter and is friends with Mesri on Facebook.
“We estimate with medium certainty that the three are directly connected to Charming Kitten, and potentially, along with others – are Charming Kitten,” the report explains.
Hacker was most likely acting alone
“This is not to say that the HBO hack was ordered by the Iranian government. Rather, we try to strengthen the assumption that Mesri was, at a certain time, part of, or related to Charming Kitten,” ClearSky cautions.
It is not believed that Charming Kitten was behind the HBO hack, as that would be uncharacteristic of the group. Charming Kitten focuses on spying and intelligence gathering rather than obtaining money, which was the main purpose of the HBO hack. While Charming Kitten tries to stay in the background, attracting as little attention as possible, Mesri contacted various media outlets to promote the hack.
Despite being charged by the US, Mesri remains free in Iran, and Iranian officials have yet to respond to the charges.