Israel exposed an Iranian phishing campaign aimed at gathering information about Israeli policies and citizens, the Israel Security Agency (Shin Bet) announced on Sunday.
The Iranian campaign primarily targeted Israeli civil servants and researchers at various research institutes and had been going on for several months, the Shin Bet said.
Fake profiles were employed impersonating Israelis whom would-be victims had been in contact with for professional or personal reasons. The Iranians would make initial contact through a phony LinkedIn profile, then later shift the conversation to email.
Eventually, the Israeli targets would receive an attached file in the guise of an invitation to a conference or an article or study of interest. Opening the file would introduce malicious software that would give the Iranian contact access to the rest of the target’s computer.
The Iranian entity’s appeals were based on information collected about the Israeli targets from social networks and the internet, and the contents of the correspondence and the connection were appropriate to their occupation and interests.
“The awareness and vigilance of the citizens they turned to, along with additional actions by the Shin Bet and the Israeli security system, thwarted the Iranian attempts to achieve their goal,” the Shin Bet said.
The statement did not indicate how many Israelis were contacted or had downloaded the malware.
Israel and Iran have been engaged in years of clandestine cyberwarfare.
Iranian hackers are believed responsible for trying to poison Israel’s water system in 2020, encrypting data at Hillel Yaffe Medical Center in Hadera and demanding a ransom in 2021, and triggering false rocket sirens in 2022.
The major Iranian port of Bandar Abbas was paralyzed for days when computers coordinating the arrival and departure of ships, trains and trucks crashed in 2020. The attack took place shortly after the attack on Israel’s water system and has been widely attributed to Israel.
