(Bloomberg) -- Iranian government-backed hackers targeted nearly two dozen high-profile activists, journalists, diplomats and others in recent months as part of an ongoing espionage effort, two human-rights groups said Monday.
In three cases, hackers gained access to the victims’ emails, contacts and other data, according to Human Rights Watch and Amnesty International, which published the analysis. The hackers also attempted a Google Takeout, a feature that lets users download the complete contents of their Google account, including messages, cloud storage and other sensitive information.
Iran’s Ministry of Foreign Affairs didn’t respond to calls asking for comment during the late evening Monday in Tehran.
In recent months, the human-rights organizations contacted 18 of the individuals who were targeted. Researchers found that most received the same WhatsApp message that directed victims to fake login pages, where hackers tried to steal their usernames, passwords and authentication codes. Victims included an unnamed correspondent for a US newspaper and a women’s-rights activist, the groups said.
The hackers’ efforts come amid widespread protests in Iran following the September death of Mahsa Amini, who was detained by the morality police for allegedly violating Iran’s strict dress code. Iranian authorities have tried to suppress demonstrations with force. The victims of the cyber-espionage weren’t named.
“Iran’s state-backed hackers are aggressively using sophisticated social engineering and credential-harvesting tactics to access sensitive information and contacts held by Middle East-focused researchers and civil society groups,” Abir Ghattas, information security director at Human Rights Watch, said in the report.
The intelligence-gathering efforts were conducted by the Iranian-backed group APT42, researchers said. Mandiant Inc., which detailed the group’s operations in September, believes that APT42 operates on behalf of Iran’s Islamic Revolutionary Guard Corps.
In the report, Human Rights Watch criticized Alphabet Inc.’s Google, saying the company didn’t do enough to safeguard its users’ data. Google didn’t immediately respond to a request for comment.
--With assistance from Golnar Motevalli.
©2022 Bloomberg L.P.