Iran, activists and human rights defenders under cyber attack: a whatsapp arrives and you are immediately trapped

ROME – It arrives on the mobile phone like a banal Whatsapp with an invitation to a conference, from an interlocutor who works at a think tanks in Beirut. However, this is a virtual trap: an attempt to phishing (a computer scam) implemented to steal sensitive information such as passwords, geo-location and access to email accounts and thus be able to spy on the victim. The principal is the Iranian government, the recipients are usually journalists, researchers, academics, human rights defenders, lawyers, generally people working in the Middle East area. Three activists of the organization have received the trap message in recent months Human Rights Watch, fortunately without consequences. It happened to the journalist of liberation Pierre Alonso, who mainly deals with Iran. But even he didn’t fall for the trap. Instead, a women’s rights activist who works in the Gulf area, a correspondent for an American newspaper and a consultant for an international organization working in the field of refugees have fallen for the deception.

Revolution and spies. The campaign of phishing of Tehran is entrusted to the APT42 group (Advanced persistent threatadvanced permanent threat), also known as “Charming kitten” or “Phosphorus”. Hackers are particularly active in these months of protests, with Iranians taking to the streets demanding rights and freedoms following the death of Mahsa Amini, the 22-year-old arrested by the morality police on September 13 because she did not wear the veil correctly and then fell victim to beatings. Specialized in the collection of sensitive data and passwords, the APT42 has developed some malware – a computer “device” to disrupt a user’s network operations – designed for smartphones equipped with an Android operating system, in order to track movements, spy on communications and monitor the activities of dissidents, activists and anyone who poses a threat to the dictatorship. Hackers attacked pharmaceutical companies in early 2020, when the Covid-19 pandemic hit. They targeted political groups opposing the regime in the 2021 presidential elections. In the latter case, the investigation by Human Rights Watchconducted together with Security Lab from Amnesty Internationalhighlighted attempts to phishing against eighteen people, including opposition politicians.

Cyber ​​attacks as a political strategy. Researchers from the Miaan group, an organization founded in 2019 with the aim of providing legal and technical assistance to those working in the field of human rights, denounce that since 2018 Tehran has targeted activists and dissidents through cyber attacks. In fact, there would be hundreds of victims of malware And phishing to which personal information has been stolen. But this also happens due to the inadequacy of Google’s user data protection systems, complaint Human Rights Watch. The victims of cyber attacks – writes the organization – did not even realize that their Gmail accounts had been compromised. According to Miaan scholars, most of the Iranian government’s targets come from the country’s ethnic and religious minorities, including Turks, Sufi Muslims and Sunni Arabs. For Abir Ghattas, director of security at Human Rights Watch, the ongoing cyberattack campaign further increases the risks faced by journalists and human rights defenders who are in Iran or elsewhere in the area. For this reason, it would be necessary for anyone doing research in the field of information security to have as a priority the study of new systems for the digital protection of activists, journalists and civil society exponents who are committed to defending human rights.