Israel exposed an Iranian “phishing” campaign aimed ay gathering information about Israeli policies and citizens, the Israel Security Agency (Shin Bet) announced on Sunday.
The Shin Bet said the Iranian campaign primarily targeted Israeli civil servants and researchers at various research institutes and had been going on for several months.
References to citizens were made using fake profiles impersonating known Israeli citizens who would-be victims had been in contact with for professional or personal reasons. The Iranians would make initial contact through a phony LinkedIn profile, then later shift the conversation to email.
Eventually, the Israelis would receive an attached file in the guise of an invitation to a conference or an article or study of interest. By opening the file, malicious software would give the Iranian contact access privileges to the rest of the Israeli’s computer.
The appeal of the Iranian entity was based on information collected about the Israeli citizens from social networks and the Internet, the contents of the correspondence and the connection were appropriate to their occupation and interests.
“The awareness and vigilance of the citizens they turned to, along with additional actions by the Shin Bet and the Israeli security system, prevented the Iranian attempts to achieve their goal,” the Shin Bet said.
The statement did not indicate how many Israelis were contacted or had downloaded the malware.
Israel and Iran have been engaged in years of clandestine cyberwarfare.
Iranian hackers are believed responsible for trying to poison Israel’s water system in 2020, encrypting data at the Hillel Yaffe Medical Center in Hadera and demanding a ransom, and triggering false rocket sirens in 2022.
A major port in the Iranian city of Bandar Abbas was paralyzed for days when computers coordinating the arrival and departure of ships, trains and trucks crashed in 2020. The attack took place shortly after the attack on Israel’s water system and has been widely attributed to Israel.