14 June 2022

Suspected Iranian hackers targeted former Israeli officials, US ambassador


Suspected Iranian hackers targeted former Israeli officials, US ambassador

State-sponsored hackers believed to be working on behalf of the Iranian government have been running a high-profile spear-phishing operation targeting high-level officials in Israel, including former Foreign Minister and Deputy Prime Minister of Israel Tzipi Livni, an unnamed former Israeli military official and a former US ambassador to Israel.

As part of the operation, which has been active since at least December 2021, the hackers compromised existing accounts of the executives and created fake accounts to lure their targets into long email conversations, according to the Israeli cybersecurity firm Check Point Software Technologies. After exchanging several emails with the target, the attackers would include links to malicious documents or phishing pages.

The researchers believe that the goal of the operation was to collect personal information, passport scans, and access to email accounts.

Attackers targeted accounts by using common hacking techniques such as email phishing and social engineering, the researchers said.

Check Point did not attribute this campaign directly to any known threat actor, but said that based on some evidence the operation may be linked to the Iran-attributed Phosphorus APT group, a hackers group with a long history of conducting high-profile cyber operations, aligned with the interest of the Iranian regime, as well as targeting Israeli officials.

“The Iranian-affiliated Phosphorous APT group continues its spear-phishing activity against targets of the Iranian regime,” CheckPoint wrote in a report. “CPR researchers have solid evidence this operation dates back to December 2021 but could have started even earlier. The most sophisticated part of the operation is the social engineering. The attackers use real hijacked email chains, impersonations to well-known contacts of the targets and specific lures for each target. The operation implements a very targeted phishing chain that is specifically crafted for each target. In addition, the aggressive email engagement of the nation state attacker with the targets is rarely seen in the nation state cyber-attacks.”


Back to the list

Latest Posts

Zero Day Initiative cuts some vulnerability disclosure timelines

Zero Day Initiative cuts some vulnerability disclosure timelines

The new approach is aimed at forcing vendors take a quicker action when it comes to ineffective patches.
17 August 2022
Ransomware gang target UK water supplier but send ransom demand to the wrong company

Ransomware gang target UK water supplier but send ransom demand to the wrong company

The threat actors claimed to have access to water treatment SCADA systems and “these systems which control chemicals in water.”
17 August 2022
Argentina's Judiciary of Cordoba targeted with ransomware

Argentina's Judiciary of Cordoba targeted with ransomware

The incident described as “worst attack on public institutions in history” impacted the agency’s website, digital services and databases.
16 August 2022