
The Israel National Cyber Directorate warned on Thursday that it has detected a surge in phishing messages targeting researchers in the field of Middle Eastern studies, specifically those focusing on Iran, as well as former defense sector officials.

Dozens of tailored phishing attempts have been reported, featuring links that impersonate Zoom but are malicious.

According to the directorate, the threat comes from APT42, a group that specializes in cyber espionage and is linked to Iran’s IRGC. Google’s Threat Analysis Group reports that APT42 has consistently targeted high-profile users in Israel and the US, including government officials, diplomats, think tanks, NGOs, and academic institutions.

APT42’s attacks use highly credible-looking emails from fake domains, often inviting recipients to “Zoom” meetings or conferences. These emails may also include PDFs with participant lists to add legitimacy, making them difficult to identify as threats. The attackers also impersonate researchers and reach out for “consultations,” adding another layer of authenticity.

The Directorate has distributed Indicators of Compromise to help organizations monitor and block these threats. Stay vigilant and exercise caution when opening links or files from unknown emails.
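For mail-filtering teams, the Zoom-impersonating links described above can be screened for with a check like the following. It is an added example, not code from the Directorate or Google; the allow-list of genuine Zoom domains and the `.example` hosts in the sample message are assumptions.

```python
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the domains your organisation accepts as genuine Zoom hosts.
ZOOM_DOMAINS = ("zoom.us", "zoom.com")

class _Links(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def is_zoom_host(host):
    # Exact match or a true subdomain; "zoom.us.evil.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in ZOOM_DOMAINS)

def fake_zoom_links(raw_message):
    """Return hrefs that present themselves as Zoom but point elsewhere."""
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("html",))
    if part is None:  # no HTML body, so there are no anchors to inspect
        return []
    parser = _Links()
    parser.feed(part.get_content())
    flagged = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").rstrip(".")
        claims_zoom = "zoom" in host or "zoom" in text.lower()
        if claims_zoom and not is_zoom_host(host):
            flagged.append(href)
    return flagged

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = """\
Content-Type: text/html; charset=utf-8

<a href="https://zoom.us.meeting-join.example/j/123">Zoom meeting</a>
<a href="https://zoom.us/privacy">Zoom privacy page</a>"""

print(fake_zoom_links(SAMPLE))
```

A match is a triage signal rather than a verdict: legitimate mail can route Zoom links through a tracking redirector, so flagged messages should be reviewed alongside the distributed indicators.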