Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal
Over the course of 2016, and particularly intensifying towards the end of the year, several individuals known to Amnesty International were approached via email and through social media by "Safeena Malik", seemingly an enthusiastic activist with a strong interest in human rights. What lay beneath this facade was a well-engineered campaign of phishing attacks designed to steal credentials and spy on the activity of dozens of journalists, human rights defenders, trade unions and labour rights activists, many of whom are seemingly involved in the issue of migrants' rights in Qatar and Nepal.
Our investigation of the attacks didn't yield any evidence that would indicate the conclusive responsibility of a particular government, although we suspect these attacks might have been orchestrated by a state-affiliated actor. We refer to this campaign and the associated actor as Operation Kingphish ("Malik", in one of its written forms in Arabic, translates to "King").
...
The various social media accounts communicated regularly with several of the victims we identified, often for many months. It appears that the attackers may have impersonated the identity of a real young woman and stolen her pictures to construct the fake profile, along with a professional biography also stolen from yet another person. The emails and messages sent by the fake Safeena Malik would normally be timed before, and following, the delivery of yet another attempt at phishing the credentials of the designated victims.
...
The page is designed to mimic a standard Google login page, with a high degree of accuracy. While most common phishing pages would only provide an empty form to enter an email address and password, this one instead is configured to display the profile picture, the account name, and the email address of the victim. This is obscured in the above screenshot to protect the privacy of the victim.
https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.j24adumvn
As Amnesty International points out, Nepalis are one of the largest groups among the workers in Qatar, where dangerous conditions are killing many of them in the construction of soccer World Cup stadia for 2022. The Qatari government has a lot to gain by spying on journalists, trade unionists and human rights workers looking at Nepal and Qatar.