Noura Al-Ameer, Syrian opposition activist and former SNC Vice President, has found herself a target of Iranian hackers. A recent report by the Citizen Lab, based at the Munk School of global Affairs at the University of Toronto, Canada, describes an elaborately staged malware operation with targets in the Syrian opposition. The operators have used a range of techniques to target Windows computers and Android phones with the apparent goal of penetrating the computers of well-connected individuals in the Syrian opposition.
According to the 56-page report, elements of the Syrian opposition have been targeted by malware campaigns since the early days of the conflict: regime-linked malware groups, the Syrian Electronic Army, ISIS, and a group linked to Lebanon reported by FireEye in 2015 have all attempted to penetrate opposition computers and communications.
In addition to the four publicly-reported threat actors, the Citizen Lab’s researchers added one more threat actor to the list, which is named “Group5”. Operators of the Group5 are reported to be able to use Iranian Persian dialect too and Iranian hosting companies.
An activist from Homs, Syria, Al-Ameer was detained and tortured in the security branches, later moved to the infamous Adra prison in Damascus, prior to fleeing the country several years ago. She is now a delegate to the SNC’s political council and works to document war crimes committed during the conflict. Her identity was falsely used to register the assadcrimes website.
“Right now, there are probably many journalists, human rights organizations and democracy activists walking around oblivious to the invisible tracking that is going on behind their backs. ” Ron Diebert, the head of the Citizen Lab, wrote in an op-ed and urged for civil society to “wake up the silent epidemic of targeted digital attacks” and “do something about it”.
If you are currently in Syria or heading there, it might be a good idea to get a good VPN suited for Syria.