Israel’s National Cyber Directorate issued a warning on Thursday reporting a significant increase in the scale and sophistication of phishing attacks carried out by Iranian hackers. These attacks aim to recruit Israelis and infiltrate organizational systems in the country.
The attacks employ advanced, targeted methods, including fake job offers, emails purporting to come from government agencies, enticing financial proposals and invitations to academic conferences.
A notable example is a supposed job offer on LinkedIn from Rafael Advanced Defense Systems, which includes a suspicious link for uploading resumes. Clicking the link installs a malicious file granting access to sensitive information.
"Iranian phishing attacks have become more targeted and tailored to the victims' areas of interest," said Tom Alexandrowicz, Head of the Cyber Directorate’s Technological Defense Division. "These attacks are based on data collection and prior research, but with vigilance, people can identify the warning signs."
He noted that phishing messages typically include either a harmful attachment or a link prompting recipients to fill out personal information. Since the outbreak of the war, the Cyber Directorate has identified at least 15 distinct cyberattack campaigns originating in Iran.
Each campaign involved thousands of targeted emails sent to private and public sector entities, aiming to establish an initial foothold in organizations and infiltrate them further using stolen tools and data.
Groups behind the attacks include names like "Black Shadow" and "MuddyWater," which operate under the Iranian regime, sometimes via private companies based in Tehran. These groups focus on espionage, subterfuge, extracting information and psychological terror.
For instance, academics have recently received invitations to Zoom meetings and conferences from alleged foreign researchers. These invitations contained links with malicious software. In some cases, emails appeared to come from legitimate accounts with content meticulously tailored based on information gathered about the victims in advance.