Not all FireEye activity focuses on financial crime, espionage, threats against utilities, defense, CNI and the like.
Dispelling a widely-held belief that it is only Russia that engages in online, social media-driven influence operations for political ends, we have recently identified such an operation appearing to originate in Iran. Aimed at US, UK, Latin American and Middle East audiences since at least 2017, it conducts significant, wide-reaching activity promoting political narratives according to Iranian interests.
Leveraging a network of inauthentic news sites and social media on different platforms, the operation is aligned to Iranian political interests including anti-Saudi, anti-Israeli and pro-Palestinian themes, as well as promoting support for specific US policies favorable to Iran such as the nuclear deal (JCPOA). The activity also includes significant anti-Trump messaging and the alignment of social media personas with an American liberal identity. It does not, however, appear to have been specifically designed to influence the 2018 US midterm elections as it extends well beyond US audiences and politics.
The report identifies and maps the registration and content promotion connections between the various news sites and social media account clusters identified to date, including detailed accounts of the websites concerned and the social media accounts connected with or otherwise promoting them. We have also identified Arabic-language, Middle East-focused sites that appear to be part of the broader operation.