U.S., Israel Subjected to Escalating APT42 Phishing Attacks

More phishing attacks have been deployed by Iranian state-sponsored threat operation APT42 against the U.S. and Israel in recent months, CyberScoop reports.

Between May and June, APT42 conducted intrusions aimed at exfiltrating credentials from nearly a dozen former and current U.S. officials and people associated with the campaigns of former President Donald Trump and President Joe Biden, according to an analysis from the Google Threat Analysis Group. The analysis also confirmed Iranian hackers' successful compromise of a political consultant's email account, initially reported by Microsoft.

In Israel, high-profile members of the diplomatic, defense, and civil society communities were subjected to a social engineering campaign that abused Google services and other widely used tools, such as OneDrive and Dropbox, to facilitate the theft of email credentials.

"This spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S. As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42," said Google TAG researchers.