Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East.
At least 20 individuals are believed to have been targeted, Human Rights Watch (HRW) said in a report published Monday, attributing the malicious activity to an adversarial collective tracked as APT42, which is known to share overlaps with Charming Kitten (aka APT35 or Phosphorus).
The campaign resulted in the compromise of email and other sensitive data belonging to three of the targets. This included a correspondent for a major U.S. newspaper, a women’s rights defender based in the Gulf region, and Nicholas Noe, a Lebanon-based advocacy consultant for Refugees International.
The digital break-in entailed gaining access to their emails, cloud storage, calendars, and contacts, as well as exfiltrating the entire data associated with their Google accounts in the form of archive files through Google Takeout.
“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” Abir Ghattas, information security director at Human Rights Watch, said.
