Date: 2020-08-28

Phishing is a common hacking technique, but in some cases, it can be deployed to do more damage than you can possibly imagine. Case in point: a report from ClearSky, an Israeli cybersecurity firm, says a group of hackers associated with the Iranian government used WhatsApp and LinkedIn to attack human rights activists and journalists specializing in the internal affairs of the country.

Attack Hackers posed as journalists to target victims

According to the report, between July and August of this year, the hackers, believed to be from the Iran-linked cyberwarfare group CharmingKitten, contacted certain human rights activists, academic scholars, and journalists with expertise in Iranian affairs. They reached out to these unsuspecting people through email and LinkedIn by posing as Persian-speaking journalists working for the German broadcasting company Deutsche Welle and the Jewish Journal magazine.

Call As the target responded, they arranged a call with them

Once the targets responded on LinkedIn, the hacker group arranged WhatsApp calls and conversations with them to discuss matters related to Iran (like freedom of women) and gain their trust in the process. The report does not mention the names of the people targeted but says that the hackers tried luring the victims by asking them to be guest speakers at online webinars and meetings.

Attack Finally, they asked the victims to open the "webinar" link

Once the victims agreed to attend the so-called webinar, the hackers sent a "joining link" directing them to a compromised Deutsche Welle domain. This site looked legit but hosted either a phishing page aimed at stealing confidential credentials (usernames and passwords) or a ZIP file that injected a strain of malware onto the victims' PCs.

Escalation CharmingKitten's first attack through WhatsApp calls

ClearSky says CharmingKitten's attackers have previously posed as journalists to compromise scholars, but they never used WhatsApp calls and LinkedIn (only SMSes/emails) for social engineering. "This TTP [technique, tactic, procedure] is uncommon," Ohad Zaidenberg, ClearSky's lead researcher, said, noting that "if the attackers have successfully passed the phone call obstacle, they can gain more trust from the victim, compared to an email message."

Safety How to avoid such attacks?