What is Persian Stalker?

Persian Stalker is targeting Iranian social media accounts.

The “group” has been around since 2017, and they have been observed targeting social media accounts.  Specifically, this group focuses on gaining access and control of Instagram and Telegram accounts.

Telegram is a popular service with about 40 million users.  Telegram is a communication app that has been used to organize protesters in Iran.  Of course, the Iranian government is not a fan of this service.  The Iranian government has actively requested that certain services and channels be shut down.  As far as we know, the Iranian government has not engaged in blocking the service in Iran.

Persian Stalker uses several techniques to gain access to users’ accounts.  They have created fake login pages on mistyped versions of legitimate domain names.  If you accidentally misspell the website’s address, a malicious website appears that looks exactly like the real thing.  When the user logs in, the login data are captured and the user is presented with an error message.  Of course, the second login will work correctly, so the user never finds out that their login information was compromised.

Another technique that Persian Stalker uses is BGP hijacking.  BGP stands for Border Gateway Protocol.  BGP is the routing protocol that is used in the internet backbone.  BGP is also gaining popularity as the protocol used in some wide area networks.  BGP hijacking is accomplished when the routing tables are corrupted so that the attacker can maliciously reroute internet traffic.  In the case of Persian Stalker, the BGP hijacking is used to capture the user’s credentials.
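As an added illustration (not code from the original article or from any monitoring product), the sketch below shows how a network operator can spot the rerouting described above: it compares observed BGP announcements against the origin AS expected for each monitored prefix. The prefixes, AS numbers and announcements are constructed from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed data: documentation prefixes (RFC 5737) and documentation ASNs (RFC 5398).
EXPECTED_ORIGINS = {
    ipaddress.ip_network("203.0.113.0/24"): {64496},
    ipaddress.ip_network("198.51.100.0/24"): {64497},
}

# Constructed announcements as (prefix, AS path); the origin AS is the last hop.
SAMPLE_UPDATES = [
    ("203.0.113.0/24", [64500, 64496]),     # expected origin: clean
    ("203.0.113.0/24", [64500, 64511]),     # same prefix, unexpected origin
    ("198.51.100.128/25", [64501, 64511]),  # more-specific, unexpected origin
    ("198.51.100.0/25", [64501, 64497]),    # more-specific from the expected origin
    ("192.0.2.0/24", [64502, 64503]),       # not a monitored prefix
]

def classify(prefix, as_path, expected=EXPECTED_ORIGINS):
    """Return None for a clean or unmonitored route, else an alert label."""
    net = ipaddress.ip_network(prefix)
    origin = as_path[-1]
    for monitored, origins in expected.items():
        if net.version != monitored.version or not net.subnet_of(monitored):
            continue
        exact = net == monitored
        if origin not in origins:
            # Routers prefer the longest matching prefix, so a more-specific
            # route pulls traffic even while the legitimate route still exists.
            return "origin-mismatch" if exact else "more-specific-hijack"
        # Right origin but a prefix length the owner never announces: worth review.
        return None if exact else "unexpected-more-specific"
    return None

def scan(updates):
    """Return (prefix, origin AS, label) for every announcement that raises an alert."""
    alerts = []
    for prefix, path in updates:
        label = classify(prefix, path)
        if label:
            alerts.append((prefix, path[-1], label))
    return alerts

if __name__ == "__main__":
    for prefix, origin, label in scan(SAMPLE_UPDATES):
        print(f"ALERT {label}: {prefix} originated by AS{origin}")
```

In practice the announcements would come from a route collector or BGP monitoring feed rather than an inline list.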

In summary, Persian Stalker is a malicious team that is stealing social media account usernames and passwords.  They are primarily targeting Iranian users, but this target may expand to other areas of the world.  This group uses the stolen information for malicious purposes.  There is no evidence that this group has any political agenda.






Donald Korinchak, MBA, PMP, CISSP, CASP, ITILv3

Donald Korinchak is a Cybersecurity Professional in the Washington DC area. Donald holds an MBA from the University of Pittsburgh Katz School of Business. Donald is considered a thought leader in business, leadership, and cybersecurity issues.

1 thought on “What is Persian Stalker?”

  1. Interesting that I came upon this…We’re being Victimized 25 months (2yrs) now. These guys hacked into my IP address, Twitter, IPAD and hacked every email and my contacts, my user names including passwords tried to harass me for pretty photos and use a highly advanced VR & V2K/ Electronic Covert Device (microwave EF) to get 411 on all it’s hacked victims ACCOUNTS. They hack into social media accounts FIRST to get legal info for banks and credit card ACCESS. I have Identified THESE TWO Iranian gang stalkers via screen shot & background checks. So surprised this self proclaimed Dr Ramin Parham who is not a Botanist & his Brother Babak Bagher Parham is a licensed electrician living in El Dorado hills, Ca since 1989 and NEVER GOT CAUGHT DOING THIS heinous crimes..?
    So Glad I came upon this site of info. Knowing We are Not the only Victims!!!

