Researchers uncover possible Iranian-backed phishing scam


Researchers at Citizen Lab at the Munk School of Global Affairs at the University of Toronto released a report today describing a phishing campaign conducted against Iranian dissidents and how utilising a two-factor authentication (2FA) tool helped foil most of the attacks.

Citizen Lab would not specifically name who was behind the attacks, but the team did point out that previous politically-oriented phishing campaigns that used the same tactics were linked to Iranian groups.

John Scott Railton, a senior researcher at Citizen Lab, told SCmagazine.com that the attacks were conducted against Iranian dissidents. He would not divulge the exact number of victims involved nor say what the goal was, other than to say all but one victim lived outside of Iran and any information grabbed would likely be used for nefarious purposes.

“Once they [the attackers] get into their [victims'] email they can get a lot of information which can be used in many ways,” he said.

The attacks were particularly dangerous and well planned, the report stated, as “these attackers have clearly conducted some detailed research into their targets' activities, further suggesting a highly targeted attack.”

Railton added that the vast majority of the attacks failed because the victims were using 2FA, which makes it much harder for any hacker to complete their mission.

“In this case, attackers had to phish two pieces of information: the password and the two-factor authentication code,” the report said. “The deception had to last through an entire falsified login flow. This approach required a more involved deception than a simple one-off phish, which the attackers may have learned through trial and error.”

This article was first published in our sister publication SC Magazine.