Iranian Hacking Group Targets Israeli Professionals with Phishing Campaigns
Background on Threat Actor
An Iranian hacking collective, believed to have ties to the Islamic Revolutionary Guard Corps (IRGC), has launched a targeted phishing campaign against journalists, cybersecurity experts, and computer science educators in Israel. This initiative is part of a broader strategy by the group, identified as Educated Manticore, which is recognized for its advanced persistent threat (APT) tactics and social engineering maneuvers.
Nature of the Attack
According to a report by cybersecurity firm Check Point, the attackers posed as assistants to various technology executives and researchers. They approached their targets through emails and WhatsApp messages in an effort to harvest sensitive information. Victims were directed to fraudulent Gmail login pages or Google Meet invitations.
Identifying the Threat Cluster
The activities of this actor are associated with a larger network that includes several other known threat groups, such as APT35, Charming Kitten, and CALANQUE, among others. This threat cluster illustrates a well-coordinated effort to exploit technology professionals, using sophisticated methods to gain access to private information.
Current Wave of Attacks
The intensity of these attacks surged following the outbreak of the Iran-Israel conflict in mid-June 2025. Check Point reported that the attackers tailored their messages to exploit the heightened tensions, appealing to victims’ sense of urgency by requesting immediate assistance with an AI-driven threat detection system. This method plays on the anxiety surrounding ongoing cyber threats, making the victims more susceptible to manipulation.
The Role of Artificial Intelligence
One particularly alarming aspect of these phishing attempts is the application of artificial intelligence tools in crafting messages. The attackers structured their communications in a professional manner, free from grammatical errors, which significantly boosts their credibility. This sophistication makes it harder for victims to detect the malicious intent behind these interactions.
Social Engineering Techniques
The engage-and-trust model utilized by Educated Manticore mirrors previous schemes employed by groups like Charming Kitten. The initial outreach is deliberately benign and lacks any overt malicious intent, building rapport with victims over time. After establishing trust, the attackers share links to phishing sites disguised as legitimate login portals for Google accounts.
Check Point detailed that before sending these phishing links, the attackers request the victim’s email address. This pre-filling tactic is designed to enhance the scam’s credibility, creating an illusion of authenticity that mimics a legitimate Google authentication process.
Advanced Phishing Kit Features
The customized phishing kit employed by the attackers captures not just login credentials but also two-factor authentication (2FA) codes, which enables 2FA relay attacks. The kit incorporates a passive keylogger that records every keystroke made by the victim, so the data can be extracted even if the victim abandons the login attempt midway.
Additionally, some of the phishing schemes have involved creating fake Google Sites domains that mirror authentic Google Meet pages. Clicking on images within these sites leads victims to hidden phishing pages, which adds another layer of sophistication to the operation.
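A defender-side link check built on the traits described above (lookalike Google sign-in pages, Meet-styled Google Sites pages, and the victim's address pre-filled into the link), added here as an example and not taken from Check Point or the original article. The function names, keyword list and the idea that the pre-filled address travels in the query string are assumptions, and the sample links are constructed.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: Google Sites serves user-built pages under this Google-owned host.
USER_CONTENT_HOSTS = {"sites.google.com"}
# Assumed keyword list for pages imitating Google sign-in or Meet.
BRAND_TOKENS = ("google", "gmail", "meet", "signin", "login")


def is_google_host(host: str) -> bool:
    return host == "google.com" or host.endswith(".google.com")


def triage_link(url: str, recipient: str) -> list:
    """Return reasons a link in an inbound message needs review (empty list = none)."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower().rstrip(".")
    if parts.scheme not in ("http", "https") or not host:
        return ["not an http(s) link"]
    text = unquote(parts.path + "?" + parts.query).lower()
    if host in USER_CONTENT_HOSTS:
        # Anyone can publish here, so a google.com host alone proves nothing.
        if any(t in text for t in ("meet", "signin", "login")):
            return ["Google Sites page styled as Meet or sign-in"]
        return []
    if is_google_host(host):
        return []
    reasons = []
    if any(t in host or t in text for t in BRAND_TOKENS):
        reasons.append("Google branding on a non-Google host")
    # Assumption: the address the victim handed over is passed in the query string.
    values = [v.lower() for _, v in parse_qsl(parts.query)]
    if recipient.lower() in values:
        reasons.append("recipient address pre-filled in link")
    return reasons


# Constructed sample links (reserved .example names, not real indicators).
SAMPLES = [
    "https://accounts.google.com/signin/v2/identifier",
    "https://sites.google.com/view/meet-invite-room/home",
    "https://accounts-google.login.example/signin?email=dana%40example.org",
    "https://docs.example.org/report.pdf",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", triage_link(link, "dana@example.org") or "no findings")
```

The keyword match is a triage heuristic and will flag some benign links; it is meant to queue a message for review, not to block it.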
Continued Threat and Agility
Educated Manticore continues to demonstrate a persistent threat level, especially during times of elevated conflict between Iran and Israel. Their operational agility—marked by swiftly creating and removing domains and other technological infrastructure—enables them to remain effective and evade detection amidst increasing scrutiny.
This ongoing cyber warfare accentuates the necessity for robust countermeasures against such evolving phishing threats. Cybersecurity experts advise continued vigilance and awareness among individuals targeted by these sophisticated attacks, suggesting proactive measures to secure personal information in this volatile landscape.