How hackers used WhatsApp, LinkedIn to target human rights activists
Phishing is a common hacking technique, but in some cases it can do more damage than you might imagine. Case in point: a report from ClearSky, an Israeli cybersecurity firm, says a group of hackers associated with the Iranian government used WhatsApp and LinkedIn to attack human rights activists and journalists specializing in the internal affairs of the country.
Hackers posed as journalists to target victims
According to the report, between July and August of this year, the hackers, believed to be from the Iran-linked cyberwarfare group CharmingKitten, contacted certain human rights activists, academic scholars, and journalists with expertise in Iranian affairs. They reached out to these unsuspecting people through email and LinkedIn by posing as Persian-speaking journalists working for German broadcasting company Deutsche Welle and Jewish Journal magazine.
Once a target responded, they arranged a call
Once the targets responded on LinkedIn, the hacker group arranged WhatsApp calls and conversations with them to discuss matters related to Iran (such as freedom of women) and gain their trust in the process. The report does not mention the names of the people targeted but says that the hackers tried luring the victims by asking them to be guest speakers at online webinars and meetings.
Finally, they asked the victims to open the "webinar" link
Once the victims agreed to attend the so-called webinar, the hackers sent a "joining link" directing them to a compromised Deutsche Welle domain. This site looked legitimate but hosted either a phishing page aimed at stealing confidential credentials (usernames and passwords) or a ZIP file that injected a strain of malware onto the victims' PCs.
CharmingKitten's first attack through WhatsApp calls
ClearSky says CharmingKitten's attackers have previously posed as journalists to compromise scholars, but they never used WhatsApp calls and LinkedIn (only SMS and email) for social engineering. "This TTP [tactics, techniques, and procedures] is uncommon," Ohad Zaidenberg, ClearSky's lead researcher, said, noting that "if the attackers have successfully passed the phone call obstacle, they can gain more trust from the victim, compared to an email message."
How to avoid such attacks?
Given that phishing attacks have increased and are continuously evolving, you should be extremely cautious while interacting with any unknown party on the web or over the phone. They could be offering something or raising an alarm, which may require you to divulge some information or click on a link. Don't do that, and be sure to verify the authenticity of the person contacting you.