Iran increases phishing attempts on U.S., Israeli targets | CyberScoop<\/title> <meta name=\"description\" content=\"APT42 targeted the Biden and Trump presidential campaigns from May to June, Google researchers found.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/iran-israel-hacking-phishing\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Iran increases phishing attempts on U.S., Israeli targets\"> <meta property=\"og:description\" content=\"APT42 targeted the Biden and Trump presidential campaigns from May to June, Google researchers found.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/iran-israel-hacking-phishing\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-08-14T21:43:05+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1723669469g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1721764637g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81410\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81410\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firan-israel-hacking-phishing%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Firan-israel-hacking-phishing%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81410 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/iran-israel-hacking-phishing\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.111888111888\">\n<div class=\"single-article__header-content\" readability=\"29.142857142857\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> APT42 targeted the Biden and Trump presidential campaigns from May to June, Google researchers found. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> The Iranian national flag is seen outside the International Atomic Energy Agency (IAEA) headquarters during the agency’s Board of Governors meeting in Vienna on March 1, 2021. (Photo by JOE KLAMAR\/AFP via Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"31.407096038757\"><body readability=\"64.079899339415\"><\/p>\n<p>Hackers linked to Iran\u2019s Islamic Revolutionary Guard Corps targeted the Trump and Biden presidential campaigns amid increased phishing attacks against U.S. and Israeli officials and institutions, according to a <a href=\"https:\/\/blog.google\/threat-analysis-group\/iranian-backed-group-steps-up-phishing-campaigns-against-israel-us\/\">new report<\/a> from Google\u2019s Threat Analysis Group.<\/p>\n<p>Google TAG researchers saw \u201csmall but steady\u201d attempts by IRGC this election cycle to steal credential information from people associated with President Joe Biden and former President Donald Trump. The report also noted an increase in phishing attacks against Israeli military, defense, academic institutions and civil society organizations starting in April.<\/p>\n<p>\u201cThis spring and summer, they have shown the ability to run numerous simultaneous phishing campaigns, particularly focused on Israel and the U.S. As hostilities between Iran and Israel intensify, we can expect to see increased campaigns there from APT42,\u201d Google\u2019s report noted, using Mandiant\u2019s threat actor naming convention.<\/p>\n<p>Last week, the Trump campaign <a href=\"https:\/\/cyberscoop.com\/trump-campaign-says-emails-were-hacked-jumpstarting-a-wild-ride-to-election-day\/\">alleged that Iran<\/a> was the source of an attempted hack-and-leak operation by a persona dubbed \u201cRobert\u201d that claimed to multiple media outlets that they had inside access to campaign materials for the Trump campaign. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Former National Security Agency cybersecurity head Rob Joyce said Sunday at the DEF CON conference in Las Vegas that hack-and-leak operations of that kind \u2014 which harken back to the 2016 presidential election and efforts by Russia to sway the election using stolen emails \u2014 will likely ramp up as election day draws closer.<\/p>\n<p>From May to June, researchers saw the IRGC attempt to steal logins of \u201croughly a dozen\u201d former and current U.S. government officials, as well as individuals connected to the presidential campaigns of both Trump and Biden months before he dropped out and was replaced at the top of the Democratic ticket by Vice President Kamala Harris.<\/p>\n<p>Google also confirmed Microsoft\u2019s report <a href=\"https:\/\/cyberscoop.com\/microsoft-iran-makes-late-play-to-meddle-in-u-s-elections\/\">last week<\/a> that the IRGC successfully infiltrated the email of a \u201chigh-profile political consultant.\u201d<\/p>\n<p>Iran has been <a href=\"https:\/\/cyberscoop.com\/us-intel-officials-kremlin-once-again-prefers-trump\/\">described<\/a> as a \u201cchaos agent\u201d by intelligence officials and Google\u2019s report noted that the U.S. and Israel combined to make up more than half of the IRGC\u2019s geographic targeting.<\/p>\n<p>The IRGC has been steadily targeting high-profile individuals with connections to Israeli defense, diplomatic and civil society organizations. Hackers used a combination of social engineering and fake Google services masquerading as Gmail, Google Sites or Drive, or other fake sites impersonating Dropbox and OneDrive, the report noted.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In one case, the IRGC attempted to social engineer former senior Israeli military and aerospace officials by acting as a journalist looking for comment on air strikes. The emails would not have malicious links or malware attached, but hackers would try to use the engagement to further trick the target down the line by using a fake landing page where they would be prompted to enter their credentials. <\/p>\n<p>The state-backed hackers also imitated organizations like the Institute for the Study of War and the Brookings Institution using similar website or email domains, the report found.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.5562310030395\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/iran-increases-phishing-attempts-on-u-s-israeli-targets-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Geopolitics<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/iran-israel-hacking-phishing\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iran increases phishing attempts on U.S., Israeli targets | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[765,78,302,1468,1548,513,1240,514,60,256,288,1557],"tags":[766,86,306,1470,1552,517,1242,518,67,262,294,1562],"class_list":["post-4883","post","type-post","status-publish","format-standard","hentry","category-biden","category-cybersecurity","category-geopolitics","category-google-threat-analysis-group","category-hack-and-leak","category-iran","category-irgc","category-israel","category-phishing","category-research","category-threats","category-trump","tag-biden","tag-cybersecurity","tag-geopolitics","tag-google-threat-analysis-group","tag-hack-and-leak","tag-iran","tag-irgc","tag-israel","tag-phishing","tag-research","tag-threats","tag-trump"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/biden\/\" rel=\"category tag\">Biden<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/google-threat-analysis-group\/\" rel=\"category tag\">Google Threat Analysis Group<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hack-and-leak\/\" rel=\"category tag\">hack and leak<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/irgc\/\" rel=\"category tag\">IRGC<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/israel\/\" rel=\"category tag\">Israel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/phishing\/\" rel=\"category tag\">phishing<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/trump\/\" rel=\"category tag\">Trump<\/a>","tag_info":"Trump","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4883","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4883"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4883\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4883"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4883"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4883"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":4883,"date":"2024-08-14T16:43:05","date_gmt":"2024-08-14T21:43:05","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81410"},"modified":"2024-08-14T16:43:05","modified_gmt":"2024-08-14T21:43:05","slug":"iran-increases-phishing-attempts-on-u-s-israeli-targets","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/14\/iran-increases-phishing-attempts-on-u-s-israeli-targets\/","title":{"rendered":"Iran increases phishing attempts on U.S., Israeli targets"},"content":{"rendered":"