Human rights activists, journalists, and politicians have become targets for hackers linked to the Iranian government. Human Rights Watch attributes the activity to APT42 (also called TA453), an Iranian-backed group of hackers, identified by cybersecurity firm Mandiant back in September. The group has launched at least 30 operations against nonprofits, education, and government targets since 2015 and supports Iran’s Islamic Revolutionary Guard Corps.
Human Rights Watch was tipped off to the latest APT42 activity when one of its employees received a strange message on WhatsApp. The sender pretended to be someone working for a think tank in Lebanon and sent a suspicious link designed to capture the employee’s email password and authentication code.
During its investigation, Human Rights Watch discovered an additional 18 victims who were all part of this campaign, with 15 of the targets confirming they’d received the phishing message between September 15 and November 25, all coming from the same WhatsApp number.
A correspondent for a U.S. newspaper, a women’s rights advocate in the Gulf region, and an advocacy consultant for Refugees International out of Lebanon are known to be among those who had their accounts compromised. Hackers retrieved information from their emails, cloud storage, contacts, and calendars. It was confirmed that at least one victim had a Google Takeout performed on their accounts. Takeout exports all activity, including web searches, payments, travel, location, ad interaction, YouTube history, as well as other account information.
Human Rights Watch as well as other activists and global politicians are asking Google to strengthen its security warnings, particularly for those who are most at-risk and likely to be targeted in future hacking campaigns. Those who have been targeted reported not being aware of any attacks, as Google does not push notifications if Google Takeout is being performed.
Google advises users to take advantage of its 2-factor authentication system, which requires a code to be sent to the account owner when their account is being accessed from a new device or unknown browser. Google spokesperson Kimberly Samra says,
“Google also remains committed to threat collaboration and sharing our ongoing research to raise awareness on bad actors across the industry, as it helps to more quickly respond to attacks and protect online users.”
What measures do you take to keep your accounts secure? Now is a great time to take a moment and review your privacy settings!
