Wednesday, September 8, 2021

Iranian Hacker Network Linked to Familiar Group?


News of an Iranian hacker network targeting US government officials made waves yesterday after being uncovered by iSIGHT Partners. Buried deep in Reuters’ report is a password used by the group: parastoo.

Parastoo (پرستو), Persian for "swallow" (the bird), is a common female first name. It’s also the name of a familiar Iranian hacktivist group known for leaking data from energy and government organizations in the United States.

We’ve covered Parastoo in the past, including the timing of its proclaimed attacks compared to other Iranian hackers, as well as an evaluation of its targeting and threats.


The first public statements by the hacktivist group Parastoo emerged in late 2012, some time after the 2011 start of the recently reported campaign iSIGHT is calling NEWSCASTER.

After iSIGHT's exposure of as a false front, more reporters and security researchers are digging in and adding to the collective intelligence around NEWSCASTER (Wired and La Croix, for example).

Using Recorded Future, analysts and defenders can track reporting linked to disclosed campaign infrastructure and pseudonyms (Sara McKibben, Adia Mitchell, Joseph Nillson, etc.) for new insights into the social engineering methods in play.
