Iranian Hackers Try Intercepting Israeli & US Government Emails

Uploaded on 2022-07-19 in INTELLIGENCE-Hot Spots-Iran, FREE TO VIEW

The Israeli cyber security company Check Point Software Technologies was recently alerted to the personalised spear-phishing hacking attempts on government officials. 

Iranian hackers sent fake targeted emails to senior Israeli and American officials and executives, including former Foreign Minister Tzipi Livni and a former US ambassador to Israel, according to the Israeli cyber security firm Check Point.

Check Point was told of the hacks by Tzipi Livni after she received a number of suspicious emails from an email address belonging to a well known former Major General in the IDF who had served in a highly sensitive position. 

The emails were poorly constructed and were written in broken Hebrew. The first email contained a link to a file, which the hackers asked Livni to open and read. When she didn’t, the hackers asked her a number of times to open the file using her email password, which caused her to have suspicions.

After meeting with the former Major General and confirming that he had never sent any such emails to her, she asked Check Point to investigate the incident.

“The spear-phishing infrastructure we exposed puts special focus on high-ranking Israeli officials in the midst of escalating tensions between Israel and Iran,” said the Check Point Report. “The visible purpose of this operation appears to be aimed at gaining access to victims’ inboxes, their personally identifiable information and their identity documents.”

In another case found by Check Point, the Iranian hackers impersonated an American diplomat who had previously served as the US ambassador to Israel in order to target a chairperson of one of Israel's leading security think tanks. The emails by the hackers were also written in poor English.

The hackers created a fake URL shortener service called Litby.us in order to carry out their attacks. The fake service doesn't function and if you try to create a new short URL it asks you to register for the service and send an email. Check Point suspects that once victims enter their account ID, the phishing backend server would send a password recovery request to Yahoo and the hackers would use the authentication code to gain access to the victim's inbox.

Check Point's analysis found an indication that the attacker obtained the scan of the passport of a high profile target and their research has exposed a string of phishing attempts by hackers who targeted envoys, politicians, defense officials, academics, and businesspeople. High profile targets of this operation include:  

  • Tzipi Livni – former Foreign Minister and Deputy Prime Minister of Israel
  • Former Major General who served in a highly sensitive position in the Israeli Defense Forces (IDF)
  • Chair of one of Israel’s leading security think tanks
  • Former US Ambassador to Israel
  • Former Chair of a well known Middle East research centre
  • Senior executive in the Israeli defense industry

Check Point has linked the attack to an Iranian-backed entity because its primary targets were Israeli officials and because a comment in the source code of the phishing page included a domain that has been used by an Iranian hacker group called Phosphorus. The Iranian Phosphorus hacker group has impersonated trustworthy people in the past in attempts to solicit sensitive information from journalists, think tank experts and senior professors. 

  • A report published by the cyber security company Proofpoint in July 2021 discovered that Phosphorus had impersonated British scholars at the University of London's School of Oriental and African Studies.
  • The Phosphorus group has also targeted medical professionals in past attacks. In February 2022, the cyber security firm Cybereason reported an increase in activity by the Phosphorus group, saying that multiple attacks were carried out by the group by exploiting Microsoft Exchange Server vulnerabilities at the end of 2021.
  • In 2019, Microsoft accused Phosphorus hackers of targeting accounts associated with a US presidential campaign.

The group began using a new set of tools that they had developed at the beginning of 2022, including a backdoor for the PowerShell scripting language and a number of open-source tools. Cybereason also found an IP address potentially linking the group to the Memento Ransomware and other tools.

CheckPoint:       JPOst:    Israel Hayom:     Algemeiner:     Daily Caller:    Bloomberg:     Haaretz

You Might Also Read: 

Israel & Iran Locked In Cyber Conflict:
 

« Ransomware Is Driving Cyber Security Professionals To Consider Quitting
A New Era of Ransomware »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Get Cyber Safe

Get Cyber Safe

Get Cyber Safe is a national public awareness campaign created to educate Canadians about Internet security and the simple steps they can take to protect themselves online.

Intrinsic-ID

Intrinsic-ID

Intrinsic-ID's authentication technology creates unique IDs and keys to authenticate chips, data, devices and systems.

Qualitest Group

Qualitest Group

Qualitest is the world’s largest pure play Quality Assurance and software testing company.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

Virsec Systems

Virsec Systems

Virsec detects and remediates previously “indefensible” advanced memory-based attacks on critical applications and server endpoints.

Cyber Security Courses

Cyber Security Courses

Cyber Security Courses was formed to help students in the UK find cyber security courses online.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Cyberfort Group

Cyberfort Group

Cyberfort exists to provide our clients with the peace-of-mind about the security of their data and the compliance of their business.

Cyber Security Authority (CSA) - Ghana

Cyber Security Authority (CSA) - Ghana

The Cyber Security Authority has been established to regulate cybersecurity activities in Ghana.

Guardz

Guardz

Guardz helps small and growing businesses to go from zero or low cyber protection to having comprehensive security – in the quickest and most straightforward way.

Dataminr

Dataminr

Dataminr Pulse helps organizations strengthen business resilience with AI-powered, real-time risk and event discovery—and the integrated tools to manage responses.

Harmonic Security

Harmonic Security

Harmonic Security helps companies to adopt Generative AI without risking the security and privacy of their data.

RIIG Technology

RIIG Technology

Our mission is to empower organizations with high-quality, verifiable data and advanced intelligence solutions, ensuring robust security and effective risk management.

Security Mind

Security Mind

Security Mind is an innovative Cyber Security Awareness program that aims to increase the awareness of each member of the organization and develop the ability to recognize potential cyber threats.