article featured image


The „Holy Souls” or NEPTUNIUM threat group is considered responsible for the recent attack on the satirical French magazine Charlie Hebdo. The group is known to be backed up by the Iranian state and was previously sanctioned by the U.S. government.

Due to a successful data breaching attack, hackers claim they are now in possession of sensitive information belonging to more than 200,000 Charlie Hebdo customers. The database allegedly includes customers` full names, telephone numbers, as well as home and email addresses.

While the Holy Souls cybercriminals group poses as „hacktivists”, they also released as proof of their data theft a 200-record sample that includes, among other sensitive info, home addresses of Charlie Hebdo subscribers. Researchers warn that the leaked data could put the magazine’s subscribers in danger and make them an easy target for online or physical attacks.

Researchers suspect the attack was launched as a consequence of Charlie Hebdo`s conducting a cartoon contest that put into unfavorable light the ”Iranian Supreme Leader Ali Khamenei”. According to them:

After Holy Souls posted the sample data on YouTube and multiple hacker forums, the leak was amplified by a concerted operation across several social media platforms.

This amplification effort made use of a particular set of influence tactics, techniques, and procedures (TTPs) DTAC has witnessed before in Iranian hack-and-leak influence operations.


The complete data cache appeared for sale, at the price of $340,000, on the dark web, in several places.

One year ago, in January 2022, the FBI hold the same cyber unit responsible for a complex influence campaign that interfered with the 2020 presidential elections. According to thehackernews.com, two Iranians were found playing a role in the disinformation and threat campaign.

If you liked this article, follow us on LinkedIn, Twitter, Facebook, Youtube, and Instagram for more cybersecurity news and topics.

Author Profile

Livia Gyongyoși

Communications and PR Officer

Livia Gyongyoși is a Communications and PR Officer within Heimdal®, passionate about cybersecurity. Always interested in being up to date with the latest news regarding this domain, Livia's goal is to keep others informed about best practices and solutions that help avoid cyberattacks.