August 2025 incidents highlight ongoing threats from state-backed cyber campaigns
In August 2025, the National Cyber Directorate successfully blocked a sophisticated Iranian-linked cyber campaign targeting soldiers and reservists seeking mental health support. The attack centered on a fraudulent website, nefeshhope[.]com, designed to impersonate an official platform offering assistance for post-traumatic stress. The site aimed to collect personal information and could have deployed malware, but authorities detected and removed it before it caused harm.
Dana Toren, Head of Operations at the Directorate, emphasized the importance of early detection: “This operation demonstrates the need for constant monitoring and preparedness, particularly when attackers attempt to exploit vulnerable populations seeking help.” Officials warned that similar campaigns could appear via alternative websites, links, or emotionally manipulative messages, urging the public to rely solely on verified channels such as NATAL, the Ministry of Defense, or the OneNefesh program.
Simultaneously, cybersecurity firm Dream, founded by Shalev Hulio, co-founder of the controversial NSO Group, reported a separate multi-wave spear-phishing campaign targeting embassies, consulates, and international organizations worldwide. The operation exploited a compromised mailbox at the Omani Ministry of Foreign Affairs, sending emails containing Microsoft Word attachments with embedded VBA macros. When executed, the macros converted encoded numerical sequences into ASCII characters, deploying malware. Analysts examined 270 emails and identified 104 unique compromised addresses used to obscure the campaign’s origin, indicating a coordinated effort across multiple countries.
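For defenders triaging Word attachments of this kind, the following added example (not code from Dream's report or from the campaign) scans already-extracted macro source text for numeric runs that decode cleanly to ASCII. The two encodings it checks, delimiter-separated decimal codes and packed three-digit groups, are assumptions, since the article does not give the exact format, and the sample macro text is constructed.

```python
import re

# Assumed encodings (the article gives no exact format): decimal character
# codes separated by commas/whitespace, or packed as fixed-width 3-digit groups.
DELIMITED = re.compile(r"(?<!\d)(?:\d{2,3}(?:\s*,\s*|\s+)){7,}\d{2,3}(?!\d)")
PACKED = re.compile(r"(?<!\d)\d{24,}(?!\d)")

def decode_codes(codes):
    """Return the text if every code is printable ASCII or tab/CR/LF, else None."""
    if all(32 <= c <= 126 or c in (9, 10, 13) for c in codes):
        return "".join(chr(c) for c in codes)
    return None

def find_encoded_strings(vba_source):
    """Return (line_no, kind, decoded_text) for numeric runs that decode to ASCII."""
    findings = []
    for line_no, line in enumerate(vba_source.splitlines(), 1):
        for m in DELIMITED.finditer(line):
            text = decode_codes([int(n) for n in re.findall(r"\d+", m.group())])
            if text:
                findings.append((line_no, "delimited", text))
        for m in PACKED.finditer(line):
            run = m.group()
            if len(run) % 3 == 0:  # only whole 3-digit groups are tried
                text = decode_codes([int(run[i:i + 3]) for i in range(0, len(run), 3)])
                if text:
                    findings.append((line_no, "packed", text))
    return findings

# Constructed macro source for illustration; not taken from the campaign.
SAMPLE = '''Sub Document_Open()
    a = "112,111,119,101,114,115,104,101,108,108"
    b = "099109100046101120101032047099"
    sizes = Array(10, 20, 30, 40, 50, 60, 70, 80)
End Sub'''

if __name__ == "__main__":
    for line_no, kind, text in find_encoded_strings(SAMPLE):
        print(f"line {line_no}: {kind} numeric run decodes to {text!r}")
```

Ordinary numeric arrays such as the `sizes` line are ignored because at least one value falls outside the printable range, which keeps the output focused on strings worth a closer look.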