Freely subscribe to our NEWSLETTER

• Telegram groups range from 900 to 12,000 members
• Multiple groups provide a list of proxies and VPN that help to bypass the censorship in Iran
• Another group helps protestors access social media sites

Check Point Research (CPR) sees multiple hacker groups on the Telegram, Signal, Dark Web attempting to help protestors in Iran bypass restrictions forced by the regime. The observation came a day after anti-government protests began following the death of Mahsa Amini, who died after being arrested for allegedly violating laws requiring women to wear a headscarf.

Specifically, hacker groups are allowing people in Iran to communicate with each other, share news around what is going on at different places, which is what the government is trying to avoid, in order to douse the flames of protests.

Like in any other case, there are some hacking groups that are trying to make a profit from the situation and to sell information from IRAN and the Regime.

Telegram:

Official Atlas Intelligence Group channel
Members: 900
Source: Telegram
Activities: Data leaking and selling

Currently doing: Focusing on leaking data that can help against the regime in Iran, including officials’ phone numbers and emails, and maps of sensitive locations. Of course, they are also trying to upsell the “private” information on IRGC (last image).

Providing a list of Proxies that will help to bypass the censorship in Iran

ARVIN
Members: 5,000
Source: Telegram
Activities: Data leaking and selling

Currently doing: Focusing on news from the protests in Iran, reports and videos from the streets where the protests are, and information about the internet status in Iran.

Open VPN servers to bypass censorship

Reports on the internet status in Iran -

RedBlue™
Members: 4,000
Source: Telegram
Activities: Hacking conversations and guides, part of the hacking website hide01.ir, which is operated by Iranians, on the subject of computers and software hackings.

Currently doing: Same, some of the conversations are about bypassing the censorship and helping those living in Iran to access social media sites.

Tor Project
Members: 12,000
Source: telegram, Tor Page on web
Activities: Regular updates on the Tor Project, this group is part of the regular _ channels; Tor Project is sending out messages to the community.

Currently doing: Same, but with some emphasis on the help that Tor can bring to the protestors in Iran.

Signal
“Signal” is a messaging app developed by the non-profit Signal Foundation.
Users can send one-to-one and group messages, which can include files, voice notes, images, and videos as well as voice and video calls.

Signal decided to also join the effort and support the protests in Iran, helping other people to setup proxy servers that can be used to bypass the censorship in Iran. https://signal.org/blog/run-a-proxy/

Liad Mizrachi, Security Researcher at Check Point Software explain:
“What we see are groups from the Telegram, dark and also ‘regular’ web helping the protestors to bypass the restrictions and censorship that are currently in place by the Iranian Regime, as a way to deal with the protests. We began seeing these groups emerge roughly a day after the protests began. These groups allow people in Iran to communicate with each other, share news around what is going on at different places. We will continue to monitor the situation.”