Report: Iranian Hackers Said to Target Senior Israeli Military Officials, US Diplomat
Suspected Iranian hackers recently carried out a targeted attack on the email accounts of former senior Israeli and US government officials to steal personal identity information, according to a report by an Israeli cybersecurity firm.
Among the targets were Tzipi Livni, a former foreign and justice minister, an unnamed former US Ambassador to Israel, an unnamed former IDF Major General who served in a “highly sensitive” position, an unnamed senior executive in the Israeli defense industry, as well as an unnamed chairperson of one of Israel’s leading security think tanks, and an unnamed former chairperson of a well-known Middle East research centre, according to the report.
“The spear-phishing infrastructure we exposed puts special focus on high-ranking Israeli officials in the midst of escalating tensions between Israel and Iran,” the report said. “The visible purpose of this operation appears to be aimed at gaining access to victims’ inboxes, their personally identifiable information and their identity documents.”
The firm, Check Point Software Technologies, found that the attackers used fake email accounts to impersonate trusted parties.
“To establish deeper trust with new targets, the threat actors performed an account takeover of some victims’ inboxes, and then hijacked existing email conversations to start attacks from an already existing email conversation between a target and a trusted party and continue that conversation in that guise,” Check Point said. “The conversations in many cases reference Iran and Israel security issues.”
The attackers also used a legitimate identity verification service to try to steal identity documents.
The attackers successfully hacked into the email account of a former high-ranking IDF officer who had previous correspondence with Livni and sent an email from his account. The email contained a document, which the hacker asked Livni to open and read. After she failed to respond, the attacker asked her several times to open the file using her email password, which made her suspicious and prompted her to contact the former IDF official.
In another case, the attackers posed as the former US ambassador to Israel and targeted the chairperson of one of Israel’s leading security think tanks.
Analysis by Check Point showed that the phishing operation is likely linked to Iran, as the hackers used a domain that was previously used in another attack by the Iranian-affiliated APT group dubbed Phosphorus.
“The group has a long history of conducting high-profile cyber operations, aligned with the interest of the Iranian regime, as well as targeting Israeli officials,” the report said. “With recent assassinations of Iranian officials (some affiliated with the Israeli Mossad), and the thwarted attempt to kidnap Israeli citizens worldwide, we suspect that Phosphorus will continue with its ongoing efforts in the future.”