Members of Amnesty International say that Egyptian authorities are behind a recent wave of spear-phishing attacks that have targeted prominent local human rights defenders, media, and civil society organizations' staff.
The attacks used a relatively new spear-phishing technique called "OAuth phishing," Amnesty experts said.
OAuth phishing is when attackers aim to steal a user account's OAuth token instead of the account password.
When a user grants a third-party app the right to access their account, the app receives an OAuth token instead of the user's password. These tokens work as authorization until the user revokes their access.
Amnesty investigators said that in the recent spear-phishing campaign that targeted Egyptian activists, authorities created Gmail third-party apps through which they gained access to victim's accounts.
Victims would receive an email that looked like a legitimate Gmail security alert...
, but when they clicked the link, they'd be redirected to a page where a third-party app would request access to their account.
Once the victim granted the app access to their Gmail account, the user would be redirected to the account's legitimate security settings page where they'd be left to change their password.
Even if the victim changes their password, at this point, the phishers would still have access to the account via the newly acquired OAuth token.
This spear-phishing campaign wasn't limited to Gmail alone, and according to an Amnesty International report, the attackers also targeted Yahoo, Outlook and Hotmail users.
Furthermore, the list of targeted victims targeted by this recent OAuth phishing campaign "had significant overlaps" with another spear-phishing operation that took place in 2017, also linked to the Egyptian authorities, Amnesty experts said.
The spear-phishing campaign is no surprise. In the past two years, the Egyptian government has cracked down on civil liberty advocates, NGOs, and journalists.
Egyptian authorities recently passed a repressive NGO law, started criminal investigations into foreign-funded NGOs, at least 30 human rights NGO staff and directors have been banned from travel, and seven NGOs and 10 individuals have had their assets frozen.
Related cyber-security coverage:
- Ransomware attack on Israeli users fails miserably due to coding error
- NSA releases Ghidra, a free software reverse engineering toolkit
- Japanese police charge 13-year-old for sharing 'unclosable popup' prank online
- WordPress accounted for 90 percent of all hacked CMS sites in 2018
- Researchers uncover ring of GitHub accounts promoting 300+ backdoored apps
- Firefox to add Tor Browser anti-fingerprinting technique called letterboxing
- Malware can now evade cloud security tools TechRepublic
- Cryptomining malware discovered masquerading as Flash updates CNET