Iranian Hackers Try Intercepting Israeli & US Government Emails

Uploaded on 2022-07-19 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

The Israeli cyber security company Check Point Software Technologies was recently alerted to the personalised spear-phishing hacking attempts on government officials. 

Iranian hackers sent fake targeted emails to senior Israeli and American officials and executives, including former Foreign Minister Tzipi Livni and a former US ambassador to Israel, according to the Israeli cyber security firm Check Point.

Check Point was told of the hacks by Tzipi Livni after she received a number of suspicious emails from an email address belonging to a well known former Major General in the IDF who had served in a highly sensitive position. 

The emails were poorly constructed and were written in broken Hebrew. The first email contained a link to a file, which the hackers asked Livni to open and read. When she didn’t, the hackers asked her a number of times to open the file using her email password, which caused her to have suspicions.

After meeting with the former Major General and confirming that he had never sent any such emails to her, she asked Check Point to investigate the incident.

“The spear-phishing infrastructure we exposed puts special focus on high-ranking Israeli officials in the midst of escalating tensions between Israel and Iran,” said the Check Point Report. “The visible purpose of this operation appears to be aimed at gaining access to victims’ inboxes, their personally identifiable information and their identity documents.”

In another case found by Check Point, the Iranian hackers impersonated an American diplomat who had previously served as the US ambassador to Israel in order to target a chairperson of one of Israel's leading security think tanks. The emails by the hackers were also written in poor English.

The hackers created a fake URL shortener service called Litby.us in order to carry out their attacks. The fake service doesn't function and if you try to create a new short URL it asks you to register for the service and send an email. Check Point suspects that once victims enter their account ID, the phishing backend server would send a password recovery request to Yahoo and the hackers would use the authentication code to gain access to the victim's inbox.

Check Point's analysis found an indication that the attacker obtained the scan of the passport of a high profile target and their research has exposed a string of phishing attempts by hackers who targeted envoys, politicians, defense officials, academics, and businesspeople. High profile targets of this operation include:  

  • Tzipi Livni – former Foreign Minister and Deputy Prime Minister of Israel
  • Former Major General who served in a highly sensitive position in the Israeli Defense Forces (IDF)
  • Chair of one of Israel’s leading security think tanks
  • Former US Ambassador to Israel
  • Former Chair of a well known Middle East research centre
  • Senior executive in the Israeli defense industry

Check Point has linked the attack to an Iranian-backed entity because its primary targets were Israeli officials and because a comment in the source code of the phishing page included a domain that has been used by an Iranian hacker group called Phosphorus. The Iranian Phosphorus hacker group has impersonated trustworthy people in the past in attempts to solicit sensitive information from journalists, think tank experts and senior professors. 

  • A report published by the cyber security company Proofpoint in July 2021 discovered that Phosphorus had impersonated British scholars at the University of London's School of Oriental and African Studies.
  • The Phosphorus group has also targeted medical professionals in past attacks. In February 2022, the cyber security firm Cybereason reported an increase in activity by the Phosphorus group, saying that multiple attacks were carried out by the group by exploiting Microsoft Exchange Server vulnerabilities at the end of 2021.
  • In 2019, Microsoft accused Phosphorus hackers of targeting accounts associated with a US presidential campaign.

The group began using a new set of tools that they had developed at the beginning of 2022, including a backdoor for the PowerShell scripting language and a number of open-source tools. Cybereason also found an IP address potentially linking the group to the Memento Ransomware and other tools.

CheckPoint:       JPOst:    Israel Hayom:     Algemeiner:     Daily Caller:    Bloomberg:     Haaretz

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:
 

« Ransomware Is Driving Cyber Security Professionals To Consider Quitting
A New Era of Ransomware »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Security Affairs

Security Affairs

Security Affairs is a blog covering all aspects of cyber security.

Cyber Indemnity Solutions (CIS)

Cyber Indemnity Solutions (CIS)

CIS is an InsurTech company focused on licensing innovative cyber risk insurance solutions to the global insurance industry.

CS Group

CS Group

CS Group offers a complete range of security solutions from consultancy to security maintenance and from secure infrastructure design to security governance.

Digitronic Computersysteme

Digitronic Computersysteme

Digitronic focus on innovative software to protect your personal and sensitive corporate data.

Crosscheck Networks

Crosscheck Networks

Crosscheck products allow you to test your APIs across different protocols and message formats with functional automation, performance, and security testing capabilities.

Digital Arts

Digital Arts

Digital Arts provides internet security software and appliance products for companies and individuals.

Guardian Data Destruction

Guardian Data Destruction

Guardian Data Destruction provides a comprehensive suite of onsite e-data destruction services.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

Drip7

Drip7

Drip7 is a micro-learning platform that is re-inventing the way companies train their employees and build lasting cultural change around the importance of cybersecurity.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Senserva

Senserva

Senserva delivers a deep analysis for security user accounts and applications within the Microsoft cloud environment.

Aristi Technologies

Aristi Technologies

Aristi provides cybersecurity risk and compliance services to help manage your unique cyber risks, safeguarding your systems and data and complying with government and industry standards.

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

Centre for Cyber Security Research and Innovation (CSRI) - Deakin University

CSRI solves the cyber security threats of tomorrow, today. We work with industry and government leaders on innovative research that has real-world impact.

East Midlands Cyber Resilience Centre (EMCRC)

East Midlands Cyber Resilience Centre (EMCRC)

The East Midlands Cyber Resilience Centre is set up to support and help protect businesses across the region against cyber crime.

Information Technology Solutions (ITS)

Information Technology Solutions (ITS)

Information Technology Solutions is a single source provider for managing and securing mission-critical IT services.

Babble

Babble

Babble is a Unified Comms, Contact Centre and Cyber Solutions provider. We believe in making next-generation technology simple to use, deploy and manage.