Suspected Iranian hackers targeted the emails of senior Israeli and American officials and executives this month. According to the Israeli cybersecurity firm Check Point, the personal e-mail accounts of these individuals were subject to a variety of phishing attacks that linked references to security issues impacting Iran and Israel.
This attack was reported just days after U.S. FBI Director Christopher Wray detailed at a conference how hackers sponsored by the Islamic Republic of Iran attempted to carry out a “despicable” cyber-attack targeting the Boston Children’s Hospital last year.
State-Sponsored Cyber Warfare Prioritized
In recent years, Iran has prioritized strengthening its cyber-warfare offensive capabilities to target its adversaries. Russia and China also possess sophisticated skills in the cyber realm. While the U.S. is largely regarded as the most “cyber-capable” nation, the world’s reliance on digital infrastructure and our adversaries’ improved capabilities have increased the frequency and scale of attacks.
Checking On Iran-Based Phosphorus Hackers
The Israeli company Check Point believes that the recent cyber-attack targeting U.S. officials, Israeli officials, and executives was perpetrated by an Iranian group called Phosphorus. The hack originated from an Iranian IP address, and a commented-out section of code suggests the Phosphorus group is involved, according to The Times of Israel.
The Iranian cyber group has carried out several other notable attacks since its inception. In 2020, Microsoft reported that the Iranian-linked Phosphorus group targeted an unnamed U.S. presidential campaign, which Reuters later identified as the Trump campaign. Microsoft reported that the group targeted the personal accounts of Trump campaign staffers, and the company took action to seize control of the dozens of websites Phosphorus used to carry out its hacks.
In its most recent hacking operation, the group targeted a handful of individuals including Israel’s former foreign minister Tzipi Livni, a former U.S. ambassador to Israel and a well-known former major general in Israel’s Defense Forces (IDF). According to a statement issued by Check Point, the Iranian group allegedly “performed an account takeover of some victims’ inboxes and then hijacked existing email conversations to start attacks from an already existing email conversation between a target and a trusted party and continue that conversation in that guise.”
Israel and the U.S. have been on high alert regarding the influx of Iranian-based hacking operations. Last October, Microsoft released evidence identifying a group of Iranian hackers that targeted American and Israeli companies. More than 250 Office 365 users were targeted in extensive password spraying, according to a report published by the Microsoft Threat Intelligence Center (MSTIC) and Microsoft Digital Security Unit (DSU).
A few months before Microsoft’s detailed announcement, the FBI thwarted an attack on a U.S. hospital, which was recently revealed to be Boston Children’s Hospital. FBI Director Wray asserted that the U.S. “cannot let up on China or Iran or criminal syndicates while we are focused on Russia.” While the Kremlin has pursued hacking operations targeting Kyiv during its ongoing invasion of the country, the U.S. remains susceptible to attacks. Additionally, a joint Iranian-Russian cyber-attack could have significant consequences for U.S. security.
Maya Carlin is a Middle East Defense Editor with 19FortyFive. She is also an analyst with the Center for Security Policy and a former Anna Sobol Levy Fellow at IDC Herzliya in Israel. She has by-lines in many publications, including The National Interest, Jerusalem Post, and Times of Israel.