Iranian hackers have spent the past six months penetrating the emails of senior Israeli officials and then impersonating them to gain more information, the Check Point cybersecurity firm revealed Tuesday.
Among those impersonated were former Foreign Minister Tzipi Livni, a senior IDF reserve general, a senior executive at a major Israeli security firm, and a former US Ambassador to Israel.
The cyber assault campaign began last December, and continued until last week, Check Point said.
Throughout the period, the cyberthieves managed to hack into the emails of several key Israeli figures, and then impersonated them to extract more information from others.
The stolen information included private email correspondence containing classified information, such as personal passwords to email addresses, personal information and phone numbers of key personnel in the Israeli defense industry, and passports.
The stolen email correspondence also included invitations to conferences abroad – which would help those planning to target Israelis around the world.
The operation came to light in December 2021 after Livni received several emails from a senior IDF reserve general in which he begged her to use her email password to open an article he had written.
The Hebrew-language text was less than professional.
Livni became suspicious and reached out to the general, who made it clear that he had not sent the emails.
In response, Livni contacted Check Point, which began investigating the matter. It quickly became clear the email to Livni was only the tip of the iceberg.
Check Point said it linked the attack campaign to Iran based on a comment it found in the source code that was previously used to implement a cyberattack attributed to Iran by Microsoft in 2020.
Also, the fictitious phishing page impersonating a “Yahoo” site was copied by the attacker using a system whose IP address originates in Iran.
An analysis of the patterns of action and targets of the attackers showed the operation fit the Iranian attack model that has been seen in the past.
Last month, Israel’s domestic intelligence agency, the Shin Bet, revealed that Iranian intelligence officials had approached academics, businesspeople and former senior members of the defense establishment on the internet in an attempt to entice them to go abroad, where they could be abducted or otherwise harmed.
In 2020, Iranian hackers attempted to cripple computers that control the domestic water infrastructure in two Israeli districts and raise the level of chlorine in the water. The attack, however, was quickly detected and defeated, with no harm done to water supplies.
In 2019, Iranian hackers also managed to break into the personal phone of Blue & White party chairperson Benny Gantz, a former IDF chief of staff who was running for prime minister at the time. Gantz currently serves as Israel’s defense minister.