In many (most) cases a proper 2FA thwarts these types of remote logins. If you have a hardware key like a Yubikey that can be best, followed by using a TOTP (Time-based One-time Password) authentication app such as Authy (Authy is available across devices, backs up keys, etc and is still available if you lose your phone), and lastly by SMS or e-mail code.
What 2FA does is to prevent anyone easily logging into your account on a new device. Instagram, Google, Facebook, Telegram, Amazon, ProtonMail, and many others offer 2FA.
If you don't you only have yourself to blame for breaches of your accounts.
Reports reveal that hackers have been secretly gathering intelligence on opponents of the Iranian regime, breaking into cellphones and computers and outsmarting apps like Telegram.