Iranian Hackers Try Intercepting Israeli & US Government Emails

Uploaded on 2022-07-19 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

The Israeli cyber security company Check Point Software Technologies was recently alerted to the personalised spear-phishing hacking attempts on government officials. 

Iranian hackers sent fake targeted emails to senior Israeli and American officials and executives, including former Foreign Minister Tzipi Livni and a former US ambassador to Israel, according to the Israeli cyber security firm Check Point.

Check Point was told of the hacks by Tzipi Livni after she received a number of suspicious emails from an email address belonging to a well known former Major General in the IDF who had served in a highly sensitive position. 

The emails were poorly constructed and were written in broken Hebrew. The first email contained a link to a file, which the hackers asked Livni to open and read. When she didn’t, the hackers asked her a number of times to open the file using her email password, which caused her to have suspicions.

After meeting with the former Major General and confirming that he had never sent any such emails to her, she asked Check Point to investigate the incident.

“The spear-phishing infrastructure we exposed puts special focus on high-ranking Israeli officials in the midst of escalating tensions between Israel and Iran,” said the Check Point Report. “The visible purpose of this operation appears to be aimed at gaining access to victims’ inboxes, their personally identifiable information and their identity documents.”

In another case found by Check Point, the Iranian hackers impersonated an American diplomat who had previously served as the US ambassador to Israel in order to target a chairperson of one of Israel's leading security think tanks. The emails by the hackers were also written in poor English.

The hackers created a fake URL shortener service called Litby.us in order to carry out their attacks. The fake service doesn't function and if you try to create a new short URL it asks you to register for the service and send an email. Check Point suspects that once victims enter their account ID, the phishing backend server would send a password recovery request to Yahoo and the hackers would use the authentication code to gain access to the victim's inbox.

Check Point's analysis found an indication that the attacker obtained the scan of the passport of a high profile target and their research has exposed a string of phishing attempts by hackers who targeted envoys, politicians, defense officials, academics, and businesspeople. High profile targets of this operation include:  

  • Tzipi Livni – former Foreign Minister and Deputy Prime Minister of Israel
  • Former Major General who served in a highly sensitive position in the Israeli Defense Forces (IDF)
  • Chair of one of Israel’s leading security think tanks
  • Former US Ambassador to Israel
  • Former Chair of a well known Middle East research centre
  • Senior executive in the Israeli defense industry

Check Point has linked the attack to an Iranian-backed entity because its primary targets were Israeli officials and because a comment in the source code of the phishing page included a domain that has been used by an Iranian hacker group called Phosphorus. The Iranian Phosphorus hacker group has impersonated trustworthy people in the past in attempts to solicit sensitive information from journalists, think tank experts and senior professors. 

  • A report published by the cyber security company Proofpoint in July 2021 discovered that Phosphorus had impersonated British scholars at the University of London's School of Oriental and African Studies.
  • The Phosphorus group has also targeted medical professionals in past attacks. In February 2022, the cyber security firm Cybereason reported an increase in activity by the Phosphorus group, saying that multiple attacks were carried out by the group by exploiting Microsoft Exchange Server vulnerabilities at the end of 2021.
  • In 2019, Microsoft accused Phosphorus hackers of targeting accounts associated with a US presidential campaign.

The group began using a new set of tools that they had developed at the beginning of 2022, including a backdoor for the PowerShell scripting language and a number of open-source tools. Cybereason also found an IP address potentially linking the group to the Memento Ransomware and other tools.

CheckPoint:       JPOst:    Israel Hayom:     Algemeiner:     Daily Caller:    Bloomberg:     Haaretz

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:
 

« Ransomware Is Driving Cyber Security Professionals To Consider Quitting
A New Era of Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

One Identity

One Identity

One Identity delivers identity governance, access management, and privileged account management solutions that facilitate and secure your digital transformation.

Prevalent

Prevalent

Prevalent takes the pain out of third-party risk management. Companies use our services to eliminate the security and compliance exposures that come from working with vendors and suppliers.

Axiad IDS

Axiad IDS

Axiad IDS is a Trusted Identity solutions provider for enterprise, government and financial organizations.

Nameshield Group

Nameshield Group

Nameshield is one of most experienced domain name registrars, trademark protection specialists and managers of online reputational risk in the world today.

Cyber Ireland

Cyber Ireland

Cyber Ireland brings together Industry, Academia and Government to represent the needs of the Cyber Security Ecosystem in Ireland.

Precursor Security

Precursor Security

Precursor Security are information security specialist, delivering all aspects of Security testing, Cyber Risk Management, and Continuous Security Testing.

NSR

NSR

NSR provide trusted solutions that deliver positive business outcomes for our clients in cybersecurity and data protection challenges.

TryHackMe

TryHackMe

TryHackMe is an online platform that teaches cyber security through short, gamified real-world labs. We have content for both complete beginners and seasoned hackers.

West Midlands Cyber Resilience Centre (WMCRC)

West Midlands Cyber Resilience Centre (WMCRC)

The East Midlands Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

CybersCool Defcon

CybersCool Defcon

CybersCool is committed to educate and train, re-skill and up-skill the current workforce of various industries and businesses in the knowledge and know-how of cybersecurity.

Northrop Grumman

Northrop Grumman

Northrop Grumman is a global provider and integrator of complex, advanced and rapidly adapting information technology, cybersecurity, mobility and optimized services and solutions.

QANplatform

QANplatform

QANplatform is a Quantum-resistant hybrid blockchain platform.

Nightwing

Nightwing

Nightwing is the intelligence services company that continually redefines the edge of the possible to keep advancing our national security interests.

Abissi

Abissi

Abissi offer cyber intelligence, IoT security, automotive security, red teaming, application security and artificial intelligence security services, with a focus on security by design.

Cyber Guards

Cyber Guards

Cyber Guards provide comprehensive, turn-key cyber security programs for small and mid-size business for about the cost of one full-time cybersecurity hire.

Cyberagentur (Cyber Agency)

Cyberagentur (Cyber Agency)

Cyberagentur is the Federal Agency in Germany for innovation in cybersecurity. Our mission is to advance research and groundbreaking innovations in the field of cybersecurity and related technologies.