Iran-backed hackers hit both U.K., Australian parliaments, says report

The cybersecurity firm Resecurity has connected a 2017 attack on the U.K. Parliament with the February hack of the Australian Parliament.
By Ken Dilanian

WASHINGTON — The Iranian-backed hackers who stole personal data on Australian lawmakers earlier this year are the same group that attacked the British Parliament in 2017, according to new research by a cybersecurity firm that sheds light on Iran's campaign of cyberespionage against its adversaries.

A report by Los Angeles-based Resecurity, obtained exclusively by NBC News, says the Feb. 8 hack of the Australian Parliament "is a part of a multi-year cyberespionage campaign" by an Iranian-backed hacking group they call Iridium.

"This actor targets sensitive government, diplomatic and military resources" in Australia, Canada, New Zealand, the U.K. and the U.S., the firm says.

Australia has not formally attributed the attack to Iran, but the Iran connection was first reported this month by The Wall Street Journal.

The BBC attributed the 2017 British parliament attack to Iran, but Resecurity for the first time connected the two events, said Charles Yoo, Resecurity's president.

Using brute force attacks that guessed passwords, the hackers obtained thousands of records from both parliaments containing names, email addresses, birthdates and other information on lawmakers and their staff.

"We don't believe they are really trying to influence elections but we know that they are collecting so-called strategic intelligence," Yoo said.

Resecurity obtained some of the data stolen in the hacks and showed it to NBC News.

In the 2017 U.K. attack, the email accounts of 90 Parliament members were compromised.

The same Iranian-backed group compromised a database belonging to the Liberal Democratic Party of London, Resecurity says.

U.S. officials say Iranian cyber-spying is a growing concern. Earlier this month, federal prosecutors charged former U.S. counterintelligence agent Monica Elfriede Witt with espionage on behalf of Iran. They also charged four Iranians — Behzad Mesri, Mojtaba Masoumpour, Hossein Parva, and Mohamad Paryar — with allegedly using information she had provided to help them target her former colleagues and conduct other cyberespionage. Witt is believed to be in Iran.

Mesri had previously been charged in 2017 with hacking HBO's computer network, stealing unaired episodes of hit shows and demanding millions in Bitcoin as ransom.