
Iranian Cyber Operation Posts Threats

FBI: 'Enemies of the People' Campaign Threatens US Officials Through Emails, Text Messages

The FBI is warning that an Iranian-linked cyber operation called "Enemies of the People" continues to threaten federal and state officials as well as U.S. civilians.


When the FBI and the U.S. Cybersecurity and Infrastructure Security Agency issued their initial warning about the Enemies of the People site in December 2020, the agencies noted that the main site - enemiesofthepeople.org - was disabled. The latest alert, however, notes that the campaign is active again and is using other methods to spread its messages.

"The Iranian cyber actors have sought to intimidate some of the officials with direct threats, including an image of an apparent text communication between the [Enemies of the People] actors and an unidentified individual in the United States purportedly supporting the operation," according to the new FBI alert.

The Iranian-linked threat actors are sending threatening emails and text messages to American citizens that can contain personal information as well as photographs, the FBI reports.

The threat actors also are now using social media and other platforms to promote and disseminate messaging about the Enemies of the People operation, according to the alert.

Post-Election Efforts

The operation started after the November 2020 U.S. election as a way to create divisions and mistrust as well as undermine confidence in the voting process, U.S. authorities say.

The most recent FBI alert notes that the Iranian-linked threat actors appear to have revived the campaign around the same time as the Jan. 6 riot at the U.S. Capitol in an attempt to disrupt the transition of power from the Trump administration to the Biden administration. The threat actors are seeking to inspire others, including American citizens, to disrupt this process as well, the FBI says (see: FBI: Disinformation Campaigns Seek to Exploit Capitol Siege).

"Individuals in the United States intent on disrupting the peaceful transition of power potentially may be inspired by and act upon these influence efforts to harass, harm, threaten or attack individuals specifically identified," according to the FBI.

A December 2020 report in the Washington Post noted that FBI Director Christopher Wray and former CISA Director Christopher Krebs were two of the original targets of the campaign.

The FBI notes that several email addresses and social media handles are now associated with the Enemies of the People campaign. The bureau asks anyone who receives messages from the following accounts to alert authorities:

  • enemies0fthepe0ple[@]protonmail[.]com
  • EnemiesOfThePeople[@]protonmail[.]com
  • E.0.T.P[@]protonmail[.]com
  • enemiesofthenation[@]protonmail[.]com
  • ep.ep.ep2020[@]protonmail[.]com
  • Enemiesofthepeople[@]hotmail[.]com
  • @karakara63 (Twitter)
  • @E0TP (Parler)
  • @Eddie12ud342u (Parler)
  • @loriii2020 (Parler)
  • @riley1989 (Parler)

Some of the social media handles listed by the FBI are associated with Parler, a platform that had grown in popularity with right-wing organizations. Since the riot at the Capitol, however, Amazon Web Services removed the site from its cloud services and it's no longer accessible (see: Parler Content Forcibly Archived by Researchers After Riot).

Other Threats

Before the November 2020 election, government agencies warned that Iranian-linked groups were trying to threaten individuals as a way to interfere with the election process and spread disinformation.

In October 2020, the Department of Homeland Security released a warning and provided evidence that threat actors with links to Iran had sent threatening emails to Democratic voters ahead of the election (see: Election Interference: Feds Detail Iran's Alleged Campaign).


About the Author

Prajeet Nair


Principal Correspondent

Nair is principal correspondent for Information Security Media Group's global news desk. He has previously worked at TechCircle, IDG, Times Group and other publications where he reported on developments in enterprise technology, digital transformation and other issues.



