Israel’s National Cyber Directorate recently located a number of phishing messages that were sent in a targeted manner to academics and researchers in research institutes dealing with the Iranian arena and the Middle East, as well as to former members of the security establishment. Among other things, the messages contained links impersonating Zoom that were found to be illegitimate.
The identified phishing attempts are associated with the Iranian attack group APT42, which is linked to the Islamic Revolutionary Guard Corps (IRGC) and specializes in cyber espionage and intelligence gathering operations. Recent reports published by Google’s Threat Research Group about APT42 show that the group consistently targets government employees, political campaigns, diplomats, think tank researchers, non-governmental organizations and academic institutions that contribute to foreign policy discourse, as seen in the US.
The group carried out targeted phishing attempts to collect sensitive information after conducting in-depth research on the target organization or on specific individuals. The emails often looked very credible and were sent from domains impersonating legitimate organizations and research institutes from around the world. The messages also included links to Zoom meetings and PDF documents with an invitation to participate in a conference, along with participant lists, in order to establish credibility.
Messages were also sent by parties impersonating researchers in the political field, with an emphasis on the Middle East, who were seeking to consult on academic studies. These tactics make it difficult to identify a message as malicious.
Image - Reuters