Iran is experiencing a near-total disruption in internet services in the west and intermittent disruptions across the country, with access to Instagram, WhatsApp and some mobile networks blocked, Netblocks says.
While Twitter and Facebook were banned in Iran years ago, Instagram and WhatsApp remained among the few accessible social media platforms in the country. That is, until Wednesday, when the two apps were smothered.
Signal also issued a call for help from the tech community, asking those willing and able to set up a proxy server.
The country’s disrupted cellphone networks also include Iran’s leading cellphone operator MCI.
According to Netblocks, a watchdog that oversees cybersecurity and internet governance, the type of internet disruption currently taking place in Iran is affecting connectivity at the network layer, meaning VPN or software workarounds are generally not possible.
The communications blocks coincide with nationwide protests over the death of Mahsa Amini. Protests erupted after Amini died in police custody after being arrested by Iran’s morality police for improperly wearing her hijab.
Police claimed Amini suffered sudden heart failure and died after being in a coma for two days, but eyewitnesses claim, and leaked medical records support the thesis, that she was beaten and died from the resulting injuries.
Demonstrations that broke out in Amini’s home region of Kurdistan spread to other provinces this week. Videos show scenes of women dancing, burning their hijabs and cutting their hair.
The scenes in Iran are amazing. How far will these protests go?
— Frida Ghitis (@FridaGhitis) September 20, 2022
“The disruptions are likely to severely limit the public’s ability to express political dissatisfaction and communicate freely,” said Netblocks.
The outfit called the outages the “heaviest internet restrictions since the November 2019 massacre, when the government shut down the internet for about six days in a near-total blackout as it tried to quell protests. At that time, connectivity was gradually and selectively restored.”
New group embeds itself in ‘magnet of threats’ linked to Iran and China
In other Iranian news this week, cybersecurity researchers at SentinelOne’s SentinelLabs said they had discovered a new online attacker group lurking in a “magnet of threats” that has a relationship with other attacker groups connected to China and Iran.
A “threat magnet” is a target so desirable that multiple hacking attacks coexist on the system at the same time.
Among the groups was a new player named “Metador”. Metador has been around for at least two years and is well funded, SentinelOne said. It primarily targets telecommunications companies, ISPs and universities in the Middle East and Africa.
The attack chains used by Metador are designed to bypass security and deliver malware directly in memory. Researchers have uncovered two Windows malware platform variants and evidence of a Linux implant.
“The limited number of intruders and long-term access to targets suggests that the threat actor’s primary motive is espionage,” the team said. However, SentinelLabs was unable to identify a specific culprit behind the crimes.
“Although Metador appears to be primarily focused on facilitating collection operations that are aligned with government interests, we note the possibility of a high-end contractor arrangement that is not tied to a specific country,” the researchers said.
US government agencies warn that Iranian hackers had access to Albania’s government network for over a year
On Monday, the US Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint statement revealing details of an attack by Iranian state cyber actors on the Albanian government network.
In July, the group calling itself HomeLand Justice launched an attack that disabled Albanian government websites and services.
“An FBI investigation shows that Iranian state cyber actors gained initial access to the victim’s network approximately 14 months before the launch of the destructive cyber attack, which included a ransomware-like file scrambler and hard drive erasing malware,” revealed the FBI and CISA. “The actors had continuous network access for about a year and regularly accessed and exfiltrated email content.”
The group also used a compromised Microsoft Exchange account to perform searches on various mailboxes, authorities claimed, while using the compromised account to create a new one and add it to the Organization Management role group. It was then able to exfiltrate large amounts of data.
In September, the group launched another similar wave of attacks against the Albanian government, which resulted not only in a severing of diplomatic relations between the two countries but also in sanctions from the US Treasury Department. ®
https://www.theregister.com/2022/09/23/whatsapp_and_instagram_now_restricted/ WhatsApp and Instagram restricted in Iran • The Register