Iranian Hackers Target US and Israeli Senior Medical Personnel, According to Cybersecurity Firm Report
Iranian hackers have targeted senior American and Israeli medical professionals who specialize in genetic, neurology, and oncology research over the past few months, according to a report by cybersecurity firm Proofpoint published Tuesday.
According to the report, a group of hackers — also known as Charming Kitten and Phosphorus — that is aligned with the Islamic Revolutionary Guard Corps (IRGC) targeted up to 25 senior professionals at a number of medical research organizations located in the US and Israel. Proofpoint pointed out that the attempt to target medical professionals was not typical for the group, which previously had gone after academics, diplomats, journalists and dissidents, in order to collect and exfiltrate the email mailbox contents belonging to typical intelligence targets of the Iranian government, as part of its cooperation with the IRGC.
The group of hackers impersonated Daniel Zajfman, a well-known Israeli physicist and former President of the Weizmann Institute of Science, using a Gmail account in his name in an attempt to crack the email accounts of medical researchers in the US and Israel.
The malicious emails had the subject line “Nuclear weapons at a glance: Israel” and used “social engineering lures related to Israeli nuclear capabilities” to trick recipients. The emails contained a link leading to a landing site spoofing Microsoft’s OneDrive, along with an image of a PDF document logo. Once a user tried to view and download the PDF document, a Microsoft login page popped up and attempted to obtain personal user account credentials and gather intelligence.
The hacking group’s “targeting Israeli organizations and individuals is consistent with increased geopolitical tensions between Israel and Iran during 2020,” the report said. “Proofpoint cannot conclusively determine the motivation of actors conducting these campaigns. This campaign may demonstrate an interest in the patient information of the targeted medical personnel or an aim to use the recipients’ accounts in further phishing campaigns.”
In October last year, Microsoft detected and stopped a series of cyberattacks by Phosphorus, which masqueraded as conference organizers to target more than 100 high-profile individuals, including heads of state and other world leaders who were potentially planning to attend the Munich Security Conference.
The most recent hacking incident follows “an escalating trend globally of medical research being increasingly targeted by espionage motivated focused threat actors,” according to the report. Cyberattacks targeting healthcare organizations around the world have increased 45% since the start of November — more than double the overall increase in cyberattacks across all sectors recorded during the same period, according to a research report by Israel’s Check Point Software Technologies released in January.
Cybercrime targeting Israeli medical institutions has soared 25% to 813 attacks per week since November, compared to an average of 652 attacks a week previously. The motivation behind the threats was mainly financial.