Iranian hackers linked to the Islamic Revolutionary Guard Corps (IRGC) have escalated their phishing attacks targeting U.S. and Israeli officials and institutions. Google’s Threat Analysis Group reports that the IRGC has increased efforts to steal credentials from individuals associated with the Trump and Biden presidential campaigns. This activity has been part of a broader pattern of phishing attempts aimed at various high-profile targets, including Israeli military, defense, and academic institutions.
From May to June, the IRGC focused on compromising the logins of U.S. government officials and campaign staff. The group’s tactics involve using social engineering techniques, including fake emails and impersonated Google services, to trick recipients into revealing their credentials. This targeted approach has intensified as geopolitical tensions between Iran and Israel have heightened.
The IRGC’s phishing operations have also been observed targeting Israeli defense and civil society organizations, employing fake landing pages and email domains to deceive victims. In one instance, hackers posed as journalists seeking comments on air strikes to lure former senior Israeli military officials into providing their login details. This sophisticated social engineering uses the resulting engagement with a target to set up future attacks.
In addition to these efforts, the IRGC successfully infiltrated the email account of a high-profile political consultant, according to Google. With the election season approaching, experts anticipate a rise in similar phishing campaigns and hack-and-leak operations, echoing past election interference efforts. This ongoing threat underscores the need for enhanced cybersecurity measures and vigilance against sophisticated phishing tactics.