Iranian State Hackers Targeting Key Figures in Activism, Journalism, and Politics
Hackers with ties to the Iranian government have been linked to an ongoing social engineering and credential phishing campaign directed against human rights activists, journalists, researchers, academics, diplomats, and politicians working in the Middle East.
The digital break-in entailed gaining access to their emails, cloud storage, calendars, and contacts, as well as exfiltrating all of the data associated with their Google accounts in the form of archive files through Google Takeout.
"Iran's state-backed hackers are aggressively using sophisticated social engineering and credential harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups," Abir Ghattas, information security director at Human Rights Watch, said.
HRW further pointed out inadequacies in Google's security protections, as the victims of the phishing attack "did not realize their Gmail accounts had been compromised or a Google Takeout had been initiated, in part because the security warnings under Google's account activity do not push or display any permanent notification in a user's inbox or send a push message to the Gmail app on their phone."
The option to request data from Google Takeout lines up with a .NET-based program called HYPERSCRAPE that was first documented by Google's Threat Analysis Group earlier this August, although HRW said it could not confirm if the tool was indeed employed in this specific incident.
What's more, the same code has been connected to another domain utilized as part of a social engineering attack attributed to the Charming Kitten group and disrupted by Google TAG in October 2021.
News URL
https://thehackernews.com/2022/12/iranian-state-hackers-targeting-key.html