{"id":50400,"date":"2023-02-03T21:41:00","date_gmt":"2023-02-03T21:41:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/iran-backed-actor-behind-cyberattack-charlie-hebdo-microsoft-says"},"modified":"2023-02-03T21:41:00","modified_gmt":"2023-02-03T21:41:00","slug":"iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/","title":{"rendered":"Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says"},"content":{"rendered":"
<\/div>\n

A recent attack where a threat group calling itself “Holy Souls” accessed a database belonging to satirical French magazine Charlie Hebdo and threatened to dox more than 200,000 of its subscribers was the work of Iranian state-actor Neptunium, Microsoft said on Feb. 3.<\/p>\n

The attack appears to have been a response by the Iranian government to a cartoon contest that Charlie Hebdo announced in December, where the magazine invited readers from around the world to submit caricatures “ridiculing” Iran’s Supreme Leader Ali Khamenei. Results of the contest were to be published on Jan. 7, the eighth anniversary of a deadly 2015 terror attack on Charlie Hebdo<\/a> \u2014 in retaliation for publishing cartoons of Prophet Mohammed \u2014 that left 12 of its staffers dead.<\/p>\n

Doxing Could Have Put Subscribers at Risk of Physical Targeting<\/h2>\n

Microsoft said it determined Neptunium was responsible for the attack<\/a> based on artifacts and intelligence that researchers from its Digital Threat Analysis Center (DTAC) had collected. The data showed that Neptunium timed its attack to coincide with the Iranian government’s formal criticism of the cartoons, and its threats to retaliate against Charlie Hebdo for them in early January, Microsoft said.<\/p>\n

Following the attack, Neptunium announced<\/a> it had accessed personal information belonging to some 230,000 Charlie Hebdo subscribers, including their full names, phone numbers, postal addresses, email addresses, and financial information. The threat actor released a small sample of the data as proof of access and offered the full tranche to anybody willing to buy it for 20 Bitcoin \u2014 or about $340,000 at the time, Microsoft said. <\/p>\n

“This information, obtained by the Iranian actor, could put the magazine\u2019s subscribers at risk of online or physical targeting by extremist organizations,” the company assessed \u2014 a very real concern given that Charlie Hebdo fans have been targeted more than once<\/a> outside of the 2015 incident.<\/p>\n

Many of the actions that Neptunium took in executing the attack, and following it, were consistent with tactics, techniques, and procedures (TTPs) that other Iranian state actors have employed when carrying out influence operations, Microsoft said. This included the use of a hacktivist identity (Holy Souls) in claiming credit for the attack, the leaking of private data, and the use of fake \u2014 or “sockpuppet” \u2014 social media personas to amplify news of the attack on Charlie Hebdo.<\/p>\n

For instance, following the attack, two social media accounts (one impersonating a senior French tech executive and the other an editor at Charlie Hebdo) began posting screenshots of the leaked information, Microsoft said. The company said its researchers observed other fake social media accounts tweeting news of the attack to media organizations, while others accused Charlie Hebdo of working on behalf of the French government.<\/p>\n

Iranian Influence Operations: A Familiar Threat<\/h2>\n

Neptunium, which the US Department of Justice has been tracking as “Emennet Pasargad<\/a>,” is a threat actor associated with multiple cyber-enabled influence operations in recent years. It is one of many apparently state-backed threat actors working out of Iran that have heavily targeted US organizations in recent years<\/a>.<\/p>\n

Neptunium’s campaigns include one where the threat actor attempted to influence the outcome of the US 2020 general elections by, among other things, stealing voter information, intimidating voters via email, and distributing a video about nonexisting vulnerabilities in voting systems. As part of the campaign, Neptunium actors masqueraded as members of the right-wing Proud Boys group, FBI’s investigation of the group showed. In addition to its Iran government-backed influence operations, Neptunium is also associated with more traditional cyberattacks<\/a> dating back to 2018 against news organizations, financial companies, government networks<\/a>, telecommunications firms, and oil and petrochemical entities.<\/p>\n

The FBI said that Emennet Pasargad is actually an Iran-based cybersecurity company working on behalf of the government there. In November 2021, a US grand jury in New York indicted two of its employees<\/a> on a variety of charges, including computer intrusion, fraud, and voter intimidation. The US government has offered $10 million as reward for information leading to the capture and conviction of the two individuals.<\/p>\n

Neptunium’s TTPs: Reconnaissance & Web Searches<\/h2>\n

The FBI has described the group’s MO as including first-stage reconnaissance on potential targets via Web searches, and then using the results to scan for vulnerable software that the targets could be using. <\/p>\n

“In some instances, the objective may have been to exploit a large number of networks\/websites in a particular sector as opposed to a specific organization target,” the FBI has noted. “In other situations, Emennet would also attempt to identify hosting\/shared hosting services.”<\/p>\n

The FBI’s analysis of the group’s attacks shows that it has specific interest in webpages running PHP code, and externally accessible MySQL databases. Also of high interest to the group are WordPress plug-ins<\/a> such as revslider and layerslider, and websites that run on Drupal, Apache Tomcat, Ckeditor, or Fckeditor, the FBI said. <\/p>\n

When attempting to break into a target network, Neptunium first verifies if the organization might be using default passwords for specific applications, and it tries to identify admin or login pages. <\/p>\n

“It should be assumed Emennet may attempt common plaintext passwords for any login sites they identify,” the FBI said.<\/p>\n

Read More HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The January attack was in retaliation for the satirical French magazine’s decision to launch a cartoon contest to lampoon Iran’s Supreme Leader.Read More HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-50400","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"\nIran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-03T21:41:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says\",\"datePublished\":\"2023-02-03T21:41:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/\"},\"wordCount\":861,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt587e222b1211abe1\\\/63dd6f850b3eae53e4a21798\\\/charliehebdo_M._Etcheverry_shutterstock.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/\",\"name\":\"Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt587e222b1211abe1\\\/63dd6f850b3eae53e4a21798\\\/charliehebdo_M._Etcheverry_shutterstock.jpg\",\"datePublished\":\"2023-02-03T21:41:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#primaryimage\",\"url\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt587e222b1211abe1\\\/63dd6f850b3eae53e4a21798\\\/charliehebdo_M._Etcheverry_shutterstock.jpg\",\"contentUrl\":\"https:\\\/\\\/eu-images.contentstack.com\\\/v3\\\/assets\\\/blt66983808af36a8ef\\\/blt587e222b1211abe1\\\/63dd6f850b3eae53e4a21798\\\/charliehebdo_M._Etcheverry_shutterstock.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/","og_locale":"en_US","og_type":"article","og_title":"Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-03T21:41:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says","datePublished":"2023-02-03T21:41:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/"},"wordCount":861,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/","url":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/","name":"Iran-Backed Actor Behind 'Holy Souls' Cyberattack on Charlie Hebdo, Microsoft Says 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg","datePublished":"2023-02-03T21:41:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/blt587e222b1211abe1\/63dd6f850b3eae53e4a21798\/charliehebdo_M._Etcheverry_shutterstock.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/iran-backed-actor-behind-holy-souls-cyberattack-on-charlie-hebdo-microsoft-says\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Iran-Backed Actor Behind ‘Holy Souls’ Cyberattack on Charlie Hebdo, Microsoft Says"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50400"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50400\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}