Cyber Attacks Targeting Journalists and Political Activists Outside Iran

A new wave of cyber attacks aimed at hacking Gmail and Facebook accounts of Iranian political activists and journalists has begun. Amir Rashidi from the International Campaign for Human Rights says these attacks are targeted and state-sponsored.

On Sunday night, August 21 (Mordad 31), someone contacted a political activist residing in Paris through Facebook chat, introducing himself as a former student of the activist. This person sent the activist stickers that he had apparently designed himself, and by clicking on these stickers the activist in fact granted the unknown person access to his Facebook account.

An hour later, several Iranian journalists working for Deutsche Welle, BBC, and Radio Farda received what appeared to be Facebook chat invitations from the same political activist, unaware that his Facebook account had been hacked and that the person chatting with them was actually a hacker.

The hacker told one of these journalists that he had some news for him and sent him a fake file, then tried to obtain his email address and mobile number in order to send him a password. The journalist became suspicious midway through and cut off the chat.

Another journalist targeted by this hacker, however, was compromised and lost access to his Gmail account for several hours.

Amir Rashidi, an internet researcher at the International Campaign for Human Rights, says the campaign's investigations have determined that this hacker, or these hackers, are state-sponsored and targeted specific individuals.

Asked how one can confidently claim these hackers are state-sponsored, he tells Deutsche Welle: “When an ordinary hacker hacks you, they usually want to steal your credit card information or something else. State-sponsored hackers generally have no interest in stealing your money or accessing your financial information. State-sponsored hackers are mainly seeking to eavesdrop on people’s conversations and, through the individuals they hack, to attack a wider network.”

Mr. Rashidi also emphasizes that the text of the chats these hackers had with their victims makes clear that they speak fluent, contemporary Persian, and that in most cases they introduce themselves as old friends or acquaintances of the victim.

Hacking Mobile Phones Through Fake Applications

Last week, the International Campaign for Human Rights also reported a new method for hacking the accounts of political and social activists. According to this report released on Mordad 23, “hackers contact their victims using phone numbers registered in the United Kingdom. In this method, the attacker introduces himself as an old friend of the victim, and when the victim is unable to identify the person, the attacker asks him to install the IMO video chat application, claiming that a video call will help him remember the victim. The attacker sends a fake file named imo.APK to the victim and asks him to use the file he sent instead of the original version from the app developer’s download centers to speed up the installation process.”

Amir Rashidi tells Deutsche Welle that over the past few years, the methods most commonly used by Iranian state-sponsored hackers against political activists, journalists, and members of civil society have been phishing and sending malware that targets Windows operating systems.

However, in recent weeks, experts from the International Campaign for Human Rights have noticed that Iranian state-sponsored hackers are now attempting to hack people’s mobile phones. Mr. Rashidi says: “In the samples we found, we discovered that they embed two types of eavesdropping and surveillance tools in application files designed for Android, and if users install these applications on their phones, all the information inside the phone is at the hacker’s disposal.”

For example, if the IMO application is used for hacking, the hacker can read all the victim’s SMS messages, eavesdrop on his phone calls, and in some cases can even eavesdrop on Skype or WhatsApp conversations.

For this reason, Mr. Rashidi emphasizes that users must be very careful about which applications they download and from what sources.

This internet researcher also recommends: “Users should be very careful not to open every link. When opening links, they should pay attention to the address in their browser. For example, a link sent from Google must definitely contain google.com. Anything other than this is not from Gmail. And when they receive files, they should be very careful about who is sending them and how. If necessary, they should even contact the sender by phone and verify the authenticity of the file. It is enough to do these small steps, and then you will see how much it can affect your security.”

Source: DW
