Iran APT42 hacking group targets journalists, activists in phishing campaign

Human Rights Watch reports that APT42, a hacking group backed by the Iranian government, has targeted multiple members of its staff. The group has also targeted “at least 18 other high-profile activists, journalists, researchers, academics, diplomats and politicians working on Middle East issues” in an ongoing social engineering and phishing campaign.

APT42 is sometimes referred to as “Charming Kitten”, “TA452”, and “Phosphorous”, according to TechCrunch and cybernews. The group is backed by the Iranian Islamic Revolutionary Guard Corps and supports its intelligence collection efforts, and it has 30 confirmed operations against various targets globally since 2015, per TechCrunch.

The social engineering and phishing attempts resemble most others: in one case, the target was sent a fake WhatsApp login page designed to capture the credentials and multi-factor authentication (MFA) code. Other attempts used fake Microsoft, Yahoo, and Google account login pages.

At least three of the 20 individuals targeted had their accounts compromised, according to Human Rights Watch.

This allowed the attackers to gain access to “emails, cloud storage drives, contacts and calendars.” At least one account had a request performed through “Google Takeout,” a service that exports data from all facets of the Google account, including web searches, travel and locations, and more.

This news comes as hacking out of Iran, especially activity linked to the Islamic Revolutionary Guard Corps and Hamas, has been accelerating. Only a little over 10 years ago, Iran was considered a weak, barely capable cyber threat. Today, it is an advanced persistent threat motivated by geopolitics and espionage.

The full, extensive report is available online from Human Rights Watch.
