Israeli Cyber Company Exposes Iranian Operation Targeting Former Senior Israeli and US Officials

Infographic of Cyber Attack. Mar 5, 2020. Photo by Kobi Richter/TPS
By Aryeh Savir/TPS • 14 June, 2022

Jerusalem, 14 June, 2022 (TPS) — The Israeli Check Point cybersecurity company has uncovered a recent Iranian-based spear-phishing operation targeting former Israeli officials, high-ranking IDF personnel, research fellows in research institutions, think tanks, and Israeli citizens.

The company revealed Tuesday that the Iranian hackers used a custom phishing infrastructure, as well as a wide array of fake email accounts to impersonate trusted parties.

To establish deeper trust with the targets, the threat actors took over some victims’ inboxes and then hijacked existing email conversations between a target and a trusted party, continuing those conversations in the guise of the trusted party to launch their attacks.

To facilitate their spear-phishing operation, the attackers utilized a legitimate identity verification service for the theft of identity documents.


“The recent escalating tensions between Israel and Iran, followed by the Israeli official publication uncovering evidence of Iranian cyber operations leading to actions outside of the cyber domain, could shed more light on the real purpose of the infrastructure we describe in this report,” Check Point stated.

Tzipi Livni, Israel’s former Foreign Minister and Deputy Prime Minister, was one of the targets, as well as a former IDF Major General who served in a highly sensitive position, the chair of one of Israel’s leading security think tanks, a former US Ambassador to Israel, a former Chair of a well-known Middle East research Center, and a senior executive in the Israeli defense industry.

Check Point said that this campaign exhibits several characteristics pointing to an Iranian-backed entity, as “Israeli officials are a constant prime target for Iranian state entities.”

Furthermore, the fake Yahoo login page was copied from an Iranian IP address, and there is a connection to the Iran-attributed Phosphorus APT group.

Iran and Israel have been engaged in cyber warfare in recent years, with Iran attacking a broad array of targets, and Israel focusing on Iran’s nuclear program.

Israel has also reportedly carried out several successful cyberattacks against critical Iranian infrastructure.

Reuven Eliyahu, chief technology officer at the Ministry of Health, told the Knesset in November 2021 that Israel’s health system faces some 100,000 attacks on a monthly basis.

In October 2021, the Iranian Black Shadow group hacked multiple Israeli sites. Earlier that month, the Hillel Yaffe Medical Center’s computer system crashed after experiencing a ransom cyberattack. It took the hospital over a month to fully recover its systems.
