Iranian state-sponsored hacking group Phosphorus also known as APT35, Charming Kitten, Magic Hound, and Newscaster Team has been suspected to be behind a spear-phishing campaign aimed at a former U.S. ambassador to Israel, as well as former Israeli officials, high-ranking military officers, and a security think tank leader, CyberScoop reports.
Check Point researchers discovered that attackers have leveraged legitimate and spoofed email accounts, a credential-harvesting phishing page impersonating Yahoo, a phony URL shortener, and a document verification service in the campaign, which seeks to exfiltrate targets' personal details and passport scans, as well as their emails.
"The most sophisticated part of the operation is the social engineering. The attackers use real hijacked email chains, impersonations to well-known contacts of the targets, and specific lures for each target. The operation implements a very targeted phishing chain that is specifically crafted for each target. In addition, the aggressive email engagement of the nation-state attacker with the targets is rarely seen in nation-state cyber attacks," said Check Point Threat Intelligence Group Manager Sergey Shykevich.