Written by AJ Vicens
Jun 14, 2022 | CYBERSCOOP
Hackers possibly affiliated with Iran have been running a spearphishing campaign targeting former Israeli officials, high-ranking military personnel, the head of a leading security think tank and a former U.S. ambassador to Israel, researchers with cybersecurity firm Check Point said Tuesday.
The campaign includes spearphishing conducted through both hijacked legitimate and phony email accounts, a fake URL shortener, a credential-harvesting Yahoo-themed phishing page and the use of a legitimate document verification service to obtain targets’ ID or passport scans.
One part of the campaign included a credential-stealing page mocked up as an invite to a “Skier’s Roundtable.” It could have been merely a form designed to steal credentials, the researchers noted, or there’s a chance it was an example of an Iranian plot to lure Israeli targets to overseas events “in a suspected ploy to kidnap them.”
A similar Iranian operation was exposed last month by the Shin Bet, Israel’s security agency, according to the Jerusalem Post.
Researchers at Israel-based Check Point speculate that the campaign could be the work of Phosphorus, a prolific Iranian government-connected cyber-espionage group also known as APT35, Newscaster Team, Charming Kitten or