Iranian hackers employed phishing techniques to hack into personal accounts of prominent Israeli journalists and public figures, Israeli broadcaster Channel 12 News reported on Monday, without specifying when this cyber operation was conducted.
The Iranian hackers used fake identities of publicly known Israeli individuals, among them the prime minister’s adviser and former JNS senior editor Caroline Glick, to lure their victims to what looked like a Google Meet page.
There, the victims entered their usernames and passwords, which gave the hackers access to their Google accounts, including their Gmail.
According to Channel 12, the hackers carefully selected impersonated figures whom the journalists were well familiar with but did not have frequent contact with, to reduce the targets’ suspicion.
The Iranians then made contact, apparently via WhatsApp, introducing themselves as well-known figures such as Glick and former Israeli Ambassador to the U.S. Michael Oren.
A message sent to Channel 12’s correspondent Daphna Liel read, “I hope all things are well with you. I always appreciated the commitment and rational method of your work. In light of the current difficult situation, I believe it is important we engage in dialogue and exchange information on the topic of media superiority.”
The text continued, “Part of the documents and testimonies in my possession may be of importance to you too. Presenting the extent of the damage caused in Iran and the destruction across Tehran can strengthen our position in the media battle. I am awaiting your response. Sincerely, Caroline Glick.”
The report did not name other Israelis who fell for the Iranian phishing scheme.
Israel’s security forces have so far this year thwarted 85 cyberattacks against citizens, including senior defense officials, politicians, academia and the media, the Israel Security Agency (Shin Bet) reported on May 29.
According to the Shin Bet, the phishing was designed to gather personal information, including home addresses, relationships and frequented locations. The data was intended to be used by Iranian-backed terrorists to carry out attacks on high-profile Israelis.
Iranian operatives typically made contact via messaging apps such as WhatsApp and Telegram, or email, using a personalized cover story for each target, aligned with his or her field of work.
A common tactic involved sending a fake link to a Google Meet session, prompting the target to enter his or her username and password. By accessing the victim’s Google account, Tehran sought to retrieve emails, passwords for other services, device location data, cloud-stored photos and additional sensitive information.