It had been a while since the last attack from Iranian state-sponsored actors on well-known international organizations. However, my recent findings show that they have become active again, using their notoriously successful social engineering methods to attack prominent human rights organizations as well as activists, journalists and human rights defenders.
In May 2020, they sent a phishing link via a fake email address designed to target Iranian staff at an international human rights organization.
Their trick was simple yet believable. An email notified the owner of the account that someone had tried to log into their Persian-language Twitter account, claiming that if they wanted to stay safe they should visit the link provided in the email and change their password.
The hackers did not stop there. They continued attacking other civil society actors on Twitter and Instagram by offering them the widely coveted "Blue Badge" verification for their social media accounts.
Getting a blue badge or verification badge for a social media account is something that Iranian users historically have been willing to purchase. Some people claim that they can get a verification badge in exchange for $1000. Their methods remain a mystery to us, since none of the tech companies sell verification badges.
Knowing that verification is something many Iranians are looking for made the state-sponsored hackers' attack easy and successful.
In recent months, I have documented more than five social engineering attacks targeting Iranian journalists, activists and even artists by convincing them to share their personally identifiable information in order to get a verification badge.
In these attacks, the hackers trick the victim into entering their identity information, including a picture of their ID, supposedly in order to verify their account.
This method has been used to hack not only Twitter accounts but also Instagram accounts. I have found two links carrying the exact same type of attack, targeting Instagram accounts.
I also found that the hackers have used this infrastructure to attack a non-Iranian women's rights activist who has a close relationship with some Iranian journalists who are interested in mandatory hijab issues in Iran.
I believe the cheapest and best way to prevent such an attack is to ask social media companies to provide Persian-language blog posts for their Persian-speaking users, informing them about their policies regarding verification, password changes, two-step verification, etc. Knowledge is power: if people are aware of social media policies, they can protect themselves from potential attacks. Also, when there is such a huge need and demand for verification, the tech companies should provide a public way for business accounts and public figures to request a verification badge.