Iranian Hackers Hijacked Emails of High-Level Israeli, US Officials
Iranian hackers targeted the emails of senior Israeli and American officials and executives, including former foreign minister Tzipi Livni and a former US ambassador to Israel, according to the Israeli cybersecurity firm Check Point.
Check Point was alerted to the hacking attempts by Livni after she received a number of suspicious emails from an email address belonging to a well-known former major general in the IDF who served in a highly sensitive position. The emails were written in somewhat broken Hebrew.
The first email contained a link to a file that the attacker asked her to open and read. When she delayed doing so, the attacker urged her several times to open the file using her email password, prompting her suspicions.
After meeting with the former major general and confirming that he had never sent any such emails to her, she asked Check Point to investigate the incident.
In another case found by Check Point, the Iranian hackers impersonated an American diplomat who had previously served as the US ambassador to Israel in order to target a chairperson of one of Israel's leading security think tanks. The emails by the hackers were also written in broken English.
The hackers created a fake URL shortener service called Litby.us in order to carry out their attacks. The fake service doesn't function and if you try to create a new short URL it asks you to register for the service and send an email. The shortened links sent to the targets were personalized for each target, leading to phishing pages – which pretend to be a trusted entity meant to trick targets into revealing sensitive information – also personalized for each target. The phishing pages asked users for their account ID followed by an SMS code verification page.
Check Point suspects that once victims enter their account ID, the phishing backend server would send a password recovery request to Yahoo and the hackers would use the authentication code to gain access to the victim's inbox.
The attackers also used the legitimate service validation.com to steal identity documents from some of the victims. Check Point's analysis found an indication that the attacker obtained the scan of the passport of a high-end target.
Check Point also found that the attackers used a Gmail account to impersonate a professor from the Jerusalem Institute for Strategy and Security (JISS).
The Israeli cybersecurity firm linked the attack to an Iranian-backed entity because its primary targets were Israeli officials and because a comment in the source code of the phishing page included a domain that has been used by an Iranian hacker group called Phosphorus. (INN / VFI News)
“God, we ask that you defend Israeli and American officials from cyber attacks and from attacks of any kind.”