MADRID, Dec. 5 (.) –
The NGO Human Rights Watch has denounced this Monday that the Government of Iran has supported hackers who have acted against activists, journalists and politicians in recent months.
“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential-harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” Iran’s security director said. reporting from HRW, Abir Ghattas.
“This significantly increases the risks faced by journalists and human rights defenders in Iran and elsewhere in the region,” Ghattas added.
The organization has estimated 18 people who have suffered computer hacks, including activists, journalists, researchers, academics, diplomats and politicians who work on Middle East issues. Of these, most would have received suspicious messages between September 15 and November 25 of this year.
Three of the victims – an American journalist, a defender of women’s rights and a Refugees International consultant – would have seen their personal data such as contacts or cloud storage units compromised, as well as email.
“In a Middle East region rife with surveillance threats to activists, it is essential that digital security researchers not only publish and promote findings, but also prioritize the protection of activists, journalists and civil society leaders from the region,” urged the Human Rights Watch researcher.
The NGO’s investigation has revealed weaknesses in Google’s security protections to safeguard user data, since the people who suffered the attacks would not have been notified by the company.
Likewise, from HRW they have asked Google to “quickly” strengthen the security warnings of Gmail accounts to better protect individuals at higher risk, such as journalists or human rights defenders, from attacks.
HRW has attributed the phishing attack to an Iranian government-affiliated entity known as APT42 and called Charming Kitten. In fact, several security companies have reported campaigns by the aforementioned hacking company that target researchers or civil society groups.