Iran-backed hackers linked to espionage campaign targeting journalists and activists

News Agencies

Hackers backed by the Iranian government targeted human rights activists, journalists, diplomats and politicians working in the Middle East during an ongoing social engineering and credential phishing campaign, according to Human Rights Watch.

In an analysis published on Monday, Human Rights Watch said it had attributed the espionage campaign to APT42, an Iran-backed hacking group first identified by cybersecurity firm Mandiant in September. Mandiant said APT42 – also referred to as TA453, Phosphorus and Charming Kitten – supports Iran’s Islamic Revolutionary Guard Corps intelligence collection efforts and has launched over 30 confirmed operations against various non-profit, education and government targets globally since 2015.

Human Rights Watch said it first became aware of APT42’s latest espionage campaign after one of its employees received suspicious messages on WhatsApp from someone pretending to work for a think tank based in Lebanon. The advocacy group found that a link included in the message directed the target to a fake login page that captured their email password and multi-factor authentication code.

In its analysis, conducted alongside Amnesty International’s Security Lab, Human Rights Watch identified 18 additional victims who had been targeted as part of the same campaign, and 15 of these targets confirmed that they had received the same WhatsApp messages between September 15 and November 25. On November 23, a second Human Rights Watch staff member received the same WhatsApp messages from the same number that contacted other targets.

For the three people whose accounts were known to be compromised — a correspondent for a major U.S. newspaper, a women’s rights defender based in the Gulf region, and an advocacy consultant for Refugees International based in Lebanon — the attackers gained access to emails, cloud storage drives, contacts and calendars. In at least one case, the attackers also performed a Google Takeout, a service that exports all of an account’s activity and information, including web searches, payments, travel and locations, ads clicked on, YouTube activity, and additional account information.

“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” said Abir Ghattas, information security director at Human Rights Watch. “This significantly increases the risks that journalists and human rights defenders face in Iran and elsewhere in the region.”

In light of its investigation, Human Rights Watch is calling on Google to strengthen its Gmail account security warnings to better protect its most at-risk users, including journalists and human rights defenders, after it uncovered “inadequacies” in Google’s security protections.

“Individuals successfully targeted by the phishing attack told Human Rights Watch that they did not realize their Gmail accounts had been compromised or a Google Takeout had been initiated, in part because the security warnings under Google’s account activity do not push or display any permanent notification in a user’s inbox or send a push message to the Gmail app on their phone,” Human Rights Watch said in its analysis.

“Google’s security activity revealed that the attackers accessed the targets’ accounts almost immediately after the compromise, and they maintained access to the accounts until the Human Rights Watch and Amnesty International research team informed them and assisted them in removing the attacker’s connected device.”

Google spokesperson Kimberly Samra told TechCrunch that Google implements protections for high-risk users so their Google accounts are “protected against threats against Google services, or on other platforms as seen in this case.”

“Some of these protections include our Advanced Protection Program (APP) and 2-Step Verification (2SV) auto enrollments,” Samra said. “Google also remains committed to threat collaboration and sharing our ongoing research to raise awareness on bad actors across the industry, as it helps to more quickly respond to attacks and protect online users.”
