Iranian cyberattack against Israeli officials: This is the method

December 2, 2024   

In recent months, the General Security Service has exposed a 'phishing' campaign by Iranian officials targeting Israeli citizens, some of whom are senior figures in the security establishment, political figures, academics, and media figures. Jerusalem wants mountain air: These are the vehicles that are banned from entering the city ""They built a dedicated cover story for each victim, depending on the content world they are involved in," the Shin Bet said. The goal of the Iranian campaign was to gain access to computer media - e-mail, computer, smartphone - of the Israeli figures it wanted to 'attack', in order to obtain personal information about them, such as residential addresses, personal contacts, and places where they regularly stay. The Shin Bet estimates that the information collection was intended to be used by Iranian elements to carry out an attack against figures in Israel, using Israeli squads they recruited in the country. In recent months, the Shin Bet and the Israel Police have thwarted nine attempts by Israelis recruited by the Iranians to carry out missions in Israel. As part of Shin Bet activity, it emerged that approximately 200 different cyberattacks were carried out on devices and computers of Israeli figures. Iranian officials usually make inquiries via WhatsApp, Telegram, or email, while building a dedicated cover story for each victim, depending on the content they are dealing with, so that the inquiry will not appear as an exception. Upon identifying the campaign and after a lengthy investigation that led to understanding the scope and locating the citizens who were attacked, the Shin Bet began a broad operation to update the citizens who were attacked, brief them, and instruct them to improve their security. This is how the method works  The Shin Bet also explains how the Iranian intelligence method works. This is done through a request that aims to cause people to download an 'application' that will install a malicious tool on their computer/mobile device, or to redirect them to a website that pretends to be a legitimate service, where they are required to enter login information for their private/corporate email account.

Documentation released by the Shin Bet: Impersonation of Government Secretary Yossi Fox

After the attacked device has performed one of the two actions and the user has entered the email and password where they were directed, the attacker 'steals' the login information and thus gains 'access' to the attacked's email/computer. In September, Kan News revealed that one of the attempted attacks was made by impersonating Government Secretary Yossi Fox. A Shin Bet source said: "This is another significant threat in the campaign that Iran is waging against Israel, the purpose of which is to carry out an assassination attack. We ask that you be vigilant, since cyberattacks of this type can be avoided before they occur through awareness, caution, suspicion, and preventive and correct behavior online.".