Illustrative. An IDF soldier from the C4I Corps types on a computer. (IDF Spokesperson’s Unit)
Iranian hackers were behind a spear-phishing operation that targeted high-ranking Israeli and Israel-linked targets, including former foreign minister Tzipi Livni, the Israeli cybersecurity firm Check Point Research revealed in a report released on June 14.
In a statement, the firm said that the hackers employed a wide array of fake email accounts to impersonate trusted parties, take over the targets’ accounts, steal information and use it to attack new targets.
The targets of the operation included a well-known former major general in the Israel military who served in a “highly sensitive position,” the current chairperson of one of Israel’s leading security think tanks, the former chairperson of a well-known Middle East research center, a senior executive in the Israeli defense industry and a former US ambassador to Israel.
“[The hackers] performed an account takeover of some victims’ inboxes and then hijacked existing email conversations to start attacks from an already existing email conversation between a target and a trusted party and continue that conversation in that guise,” Check Point’s report reads.
For example, the email account of the unnamed major general was hacked and was used to target Tzipi Livni. The hackers asked the former minister enter her email password in a trojan file that had invited her to attend a conference abroad. Livni asked Check Point to investigate the suspicious emails it received after meeting with the general who denied sending them.
“The visible purpose of this operation appears to be… gaining access to victims’ inboxes, their personally identifiable information and their identity documents,” Check Point said.
Check Point said that the operation was likely carried out by an Iranian group called Phosphorus. The hacking group conducted similar cyber operations against Israeli officials in the past.
Iranian cyber operations against Israel have been on the rise for quite some time now. In the last few months, Israeli security forces unveiled several Iranian cyber operations which were meant to collect intelligence and recruit spies.
Check Point released its report just two days after media reports about an Iranian plot to attack Israelis in Turkey that was foiled by Israeli and Turkish security forces in May.
