Amnesty International reports an intricate phishing campaign may have been used to spy on “journalists, human rights defenders, trade unions and labour rights activists, many of whom are seemingly involved in the issue of migrants’ rights in Qatar and Nepal.”
The campaign revolves around the reportedly fictitious persona of Safeena Malik — if real, Malik has not responded to requests for comment. Malik, purportedly a British-educated human rights activist in the United Arab Emirates, has a full portfolio of social media profiles that date back as far as 2014, including a LinkedIn resume with 500 contacts.
“The attacks have been coming irregularly throughout the year, and have always been complemented with direct conversations with the targets,” said Claudio Guarnieri, Amnesty International’s senior technologist and a senior researcher at the University of Toronto’s Citizen Lab, which traces state hacking against dissidents, journalists and other civilian targets.
“They also clearly looked into identifying more ‘interesting’ people by building relationships over social networks, and finding their way into thematic groups. On top of a pretty well-orchestrated phishing strategy. So all in all, for the type of attack, is one of most well done I've observed.”
According to Amnesty International, Malik would build relationships with targets over social media, eventually asking them for help with online projects, including slides for presentations on human trafficking. The slides were stored in a Google Drive account, but the link to the slides was routed through a site identical to the Google login page requesting, and stealing, users' credentials.
In the slide example, Amnesty claims the PowerPoint presentation seen by a target was authentic looking and actually stolen from a real presentation.
Internet addresses associated with the attacks tracked to an internet service provider in Qatar, though Qatar denied to Amnesty being involved in the attacks.
Qatar’s use of migrants in construction projects, including set up for its upcoming World Cup, has concerned human rights groups, with low pay, dangerous conditions and reports of forced labor. Nepali laborers make up a substantial portion of that workforce.