Cyberattackers sought to hack the devices of U.S. lawmakers by pushing links to spyware via social media posts disguised as news items, according to a new report from Amnesty International.
Vietnam-linked hackers allegedly served the malware over the platform X, where the links designed to infect lawmakers’ devices displayed preview images suggesting they were South China Morning Post articles.
Two Republicans, Rep. Michael McCaul of Texas and Sen. John Hoeven of North Dakota, and two Democrats, Sens. Chris Murphy of Connecticut and Gary Peters of Michigan, were among the hacking targets.
Amnesty International said Monday the hacking tools used in the attempted breaches were supplied by the Intellexa alliance, a group of surveillance technology companies.
“These findings are just the tip of the iceberg,” the Amnesty International report said. “As surveillance companies and their state clients continue to hide behind the rhetoric of national security and confidentiality to evade transparency and accountability, the actual scale and breadth of unlawful targeting using tools supplied by the Intellexa alliance is likely to be much higher.”
Using the alias @Joseph_Gordon16, hackers sent public tweets and replies on X linking to spyware.
In response to a tweet from Taiwanese President Tsai Ing-Wen that tagged Mr. Hoeven’s account and displayed a photo of them together, the @Joseph_Gordon16 account replied on April 14 with a malicious link.
The hackers used a similar approach to target Mr. McCaul. Hackers used the same account and link in an April 14 tweet replying to an original post from the Ministry of Foreign Affairs of Taiwan that had tagged Mr. McCaul.
Both Mr. Hoeven and Mr. McCaul’s accounts automatically received the malicious link designed to penetrate devices. Accounts for Mr. Peters and Mr. Murphy were separately targeted on June 23.
Amnesty International said it and the European Investigative Collaborations group found evidence that the surveillance products used in the attempted hacking were sold to the Vietnamese Ministry of Public Security.
The Amnesty report said Vietnamese officials or others acting on their behalf may be behind the hacking effort, and the report said Google confirmed it associated the spyware campaign with Vietnam.
Whether devices associated with the lawmakers’ accounts were breached is not immediately known.
Google informed Mr. Murphy’s office of the hacking attempt, according to The Washington Post, which worked with the European Investigative Collaborations group.
The four lawmakers’ offices did not immediately respond to requests for comment on Monday.
The four lawmakers were far from the only ones in the crosshairs of the hacking campaign. Amnesty International said hackers aimed at a minimum of 50 accounts on X and Facebook as part of the hacking campaign between February and June 23.
Targets also included government officials in Taiwan and Europe, United Nations officials, think tanks and academics, journalists and diplomats.
“Let’s make no mistake: the victims are all of us, our societies, good governance and everyone’s human rights,” Amnesty International’s Agnes Callamard said on the group’s website.