Iran's deep state unleashes phishing attacks on activists, journalists, researchers, academics, diplomats, politicians

Iranian security forces continue to crack down on protesters. According to activists, over 448 demonstrators have been killed so far.

Now, a human rights group says that the crackdown has entered the digital realm.

Hackers backed by the Iranian government have targeted two Human Rights Watch staff members and at least 18 other high-profile activists, journalists, researchers, academics, diplomats, and politicians working on Middle East issues in an ongoing social engineering and credential phishing campaign, Human Rights Watch said today.

An investigation by the New York-based human rights group said the phishing attacks were carried out by APT42- an entity affiliated with the Iranian government.

“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” said Abir Ghattas, information security director at Human Rights Watch. “This significantly increases the risks that journalists and human rights defenders face in Iran and elsewhere in the region.”

American journalist among prominent targets

According to HRW, prominent targets of the phishing attack include a major American newspaper’s correspondent, a women’s rights defender based in the Gulf, and Nicholas Noe, an advocacy consultant for Refugees International based in Lebanon.

How the attack happened

According to the probe, in October 2022, a Human Rights Watch staff member working received suspicious messages on WhatsApp from a person pretending to work for a think tank based in Lebanon, inviting them to a conference.

Once people clicked on the suspicious link, they would be redirected to a login page where they would fill in their email addresses and passwords.

Similar attacks were reported by other victims. The phishing links were sent via WhatsApp.

Social engineering and phishing attempts remain key components of the cyberattacks, HRW said.

Apart from individuals, Iranian hackers have also targeted foreign governments, militaries, and businesses, HRW added.

Through these attacks, the hackers gain access to the victim’s mailboxes, web searches, online payment history as well their location and travel plans.

Meanwhile, HRW has said the attack has shown that it’s imperative for companies like Google to take extra steps to protect people from phishing attacks.

“In a Middle East region rife with surveillance threats for activists, it’s essential for digital security researchers to not only publish and promote findings, but also prioritize the protection of the region’s embattled activists, journalists, and civil society leaders,” Ghattas said.

With inputs from Human Rights Watch

Read all the Latest News , Trending News ,  Cricket News , Bollywood News , India News and Entertainment News here. Follow us on Facebook , Twitter and Instagram .