Iranian regime has reportedly used a web server based in Netherland to spy on dissidents, Dutch Public Radio reported.
According to the report which was published by Netherland’s NPO Radio One, security officials tracked the web with the help of Romanian cybersecurity firm BitDefender and found out that the server was owned by a company registered in Cyprus.
According to BitDefender’s cybersecurity experts, the server is being used for “command and control” functions in order to facilitate remote control of infected computers and phones. These functions include stealing data, as well as collecting screen shots and audio recordings.
The discovery was reportedly made after an Iranian dissident based in Netherland received an infected file by a user of the popular instant messaging application Telegram.
Instead of opening the file, the recipient contacted cybersecurity experts, who identified it as a type of infected software that is known to have been used in the past by the Iranian state.
Cybersecurity experts from BitDefender found that the infected file was delivered to its target via a web server facility based in Haarlem, a city located 20 miles west of Amsterdam. The cybersecurity company said the server is registered to a company that belongs to a Romanian service provider.
The company is registered in Cyprus and provides services to a number of companies, including an American company. According to the report, they stopped using the service provider once the Iranian connection was revealed.