Iranian Hackers Targeted Former US Ambassador, Israeli Officials: REPORT

Micaela Burrow Investigative Reporter, Defense

An Israel-based cybersecurity firm claimed Tuesday that it discovered a personalized hacking campaign against high-level Israeli and U.S. officials attributed to a well-known Iranian hacking group.

Iranian hackers sent phishing emails, or messages that appear legitimate but contain links or attachments that download harmful code, to a former U.S. ambassador to Israel, former high-level Israeli officials, academics and a senior executive of an Israeli defense company, according to Check Point. The malware used in the attack resembled the kind a known Iranian hacking group, Phosphorus, utilized in previous attacks, Check Point said.

“The visible purpose of this operation appears to be aimed at gaining access to victims’ inboxes, their Personally Identifiable Information (PII) and their identity documents,” according to Check Point.

Tzipi Livni, a former Israeli foreign minister and deputy prime minister, grew suspicious after receiving multiple emails from someone impersonating a former Israeli Defense Force Major General that directed her to open a link to a file, according to Check Point. Livni approached Check Point to investigate further, the firm said.

Check Point did not identify any additional targets by name.

In one attack, the hackers initially directed victims to a document about Israel’s strategy regarding the Iranian nuclear issue published by a leading think tank, the Jerusalem Institute for Strategy and Security. It “was likely only used as a conversation starter by the attacker” to lure victims into clicking additional links, Check Point stated.

In another case, attackers hijacked a legitimate email thread and inserted their own phishing message into it. Hackers were able to send emails to victims using legitimate addresses of known contacts, according to Check Point.

“We had an indication that the attacker obtained the Passport scan of another high end target,” Check Point claimed.

“This campaign exhibits several characteristics signaling to an Iranian backed entity,” the researchers wrote, claiming that Israeli officials make an attractive target for Iranian state-backed hacking groups.

The researchers identified source code containing a domain name that Phosphorus used to access system credentials, according to a Microsoft report.

Phosphorus has a history of targeting individuals and politicians involved in highly sensitive political matters. The group mounted an email hacking campaign against attendees of the Munich Security Conference and Think 20 Summit in Saudi Arabia in 2020.

The FBI attributed a 2021 cyberattack on Boston Children’s Hospital to Iranian state-backed hackers in June, but did not reveal the name of the group or individual responsible.

Check Point did not immediately respond to The Daily Caller News Foundation’s request for comment. Livni could not be reached for comment.
