The UK’s National Cyber Security Centre (NCSC) and several US agencies, including the FBI and US Cyber Command, have issued a joint alert warning of a growing spear-phishing campaign orchestrated by Iran’s Islamic Revolutionary Guard Corps (IRGC). This campaign is primarily targeting individuals with connections to Iranian and Middle Eastern affairs, as well as US political campaigns. According to the advisory, the IRGC’s objective is to gather intelligence and advance its information operations through these cyberattacks.
The phishing campaign is highly personalized, with threat actors impersonating family members, professional contacts, journalists, or even email service providers. Their tactics involve sending victims requests for interviews, invitations to conferences, or offers of speaking engagements. The phishing attempts are designed to lure the target into clicking a malicious link, which redirects them to a fake login page. In some cases, attackers may even attempt to bypass two-factor authentication by asking victims for authentication codes through messaging apps or phone notifications.
The advisory highlights the sophisticated nature of these attacks, as victims may believe they are accessing legitimate documents or correspondence. In reality, the phishing page captures login credentials, allowing attackers to access sensitive information. Targeted groups include current or former government officials, journalists, activists, and think tank personnel. The IRGC’s broader goal appears to be to manipulate political discourse and influence foreign policy discussions in the US and Middle East.
To protect against these threats, the advisory urges individuals to be cautious of unsolicited communications, especially those requesting personal information or containing suspicious links. It also advises against interacting with shortened URLs, attachments, or links from unknown sources. The UK and US agencies stress the importance of vigilance as these cyberattacks grow more sophisticated and harder to detect.