by Rebecca White

A sophisticated hacking campaign by a mercenary spyware company targeting Google’s Android operating system has been exposed by Amnesty International’s Security Lab.

Attackers who use phishing scams to target human rights defenders in the Middle East and North Africa (MENA) are developing increasingly sophisticated techniques to infiltrate their accounts and evade digital security tools, according to new research published by Amnesty Tech. 

In December 2018, Amnesty International documented widespread targeted phishing attacks against human rights defenders (HRDs) in the Middle-East and North Africa, in the report “When Best Practice Isn’t Good Enough”. That report documented how attackers had specifically developed techniques to target HRDs who had taken extra steps to secure their online accounts, such as by using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.

From the arsenal of tools and tactics used for targeted surveillance, phishing remains one of the most common and insidious form of attack affecting civil society around the world. More and more Human Rights Defenders (HRDs) have become aware of these threats. Many have taken steps to increase their resilience to such tactics. These often include using more secure, privacy-respecting email providers, or enabling two-factor authentication on their online accounts.