Tzipi Livni and members of the defense establishment: Iranian hackers attacked the mailboxes of senior Israeli officials

"You need to verify your identity by logging in": An Iranian hacker hack into the inboxes of senior Israeli officials has led to impersonation and targeted attacks on high-profile political, political, academic and business entities

Yinon Ben Shoshan

14/06/2022

Tuesday, 14 June 2022, 13:00 Updated: 13:01

• Share on Facebook

• Share on WhatsApp

• Share on Twitter

• Share on Email

• Share on general

• Comments

  Comments

Israeli cyber security company Check Point announced this morning (Tuesday) an Iranian attack on senior Israeli officials.

As part of the move, which lasted at least six months,

, impersonated him and corresponded on his behalf with senior officials in order to get them to open various documents, including

.

According to the study, from December 2021 until last week, Iranian attackers conducted e-mail correspondence with senior officials in Israel after breaking into several e-mail addresses and impersonating the same entities.

The correspondence included sending documents including an invitation to a conference abroad and articles on the Iranian nuclear program - and these required the victims to type in their email password.

More on Walla!

The sweetest competition in the world returns to Israel

In collaboration with Gerber

Corresponded with senior officials in order to get them to open various documents.

Tzipi Livni (Photo: Reuven Castro)

During December, the former foreign minister received several emails in Hebrew from the same general in the reserve, including a request to read an article he wrote about security incidents in 2021. After several emails in which he urged Livni to open the file with her email password, Livni turned to the reservist

"Livni forwarded the e-mail correspondence to us, from which we tracked down the senders and files and found out how wide the move was (publishing Livni's name matches her)," Check Point said.

According to them, in those months to last week, the Iranian attackers managed to get their hands on a private email correspondence between the head of a very central research institute in Israel and the former US ambassador to Israel, and used it to create further correspondence during which they impersonated the ambassador using another email.

"You need to verify your identity when logging in."

Another email sent to Livni (Photo: Check Point / Screenshot)

"Your comments are also very important to me."

Another failed attempt to persuade Livni to type in the email password (Photo: Check Point / Screenshot)

"We also saw that the same attackers reached out to a senior manager of a central security company in Israel and tried to steal personal details about him. In order to do so, they used a legitimate platform to which documents could be uploaded. .

Document entitled "A determined path - the tattoo of Iran's strategy", sent to the head of a central research institute in Israel (Photo: Check Point / screenshot)

As part of the move, the attackers also impersonated a well-known professor in the Middle East and through it sent additional documents related to Iran.

It was further found that the attackers set up an infrastructure for obtaining the victims' telephone numbers, ostensibly as part of the process of opening the documents.

The method worked like this: First, after clicking on the document attached to the email or a link in the email, a page will appear asking to enter an identification password into the user account (a password that will be copied by the attackers).

There will then be a request for further verification by the user in the form of an SMS code that will be sent to the device linked to the email account.

It should be noted that the phone number inside the impersonation page was specially adapted for the purpose of the attack - his phone number.

Invitation to the Roundtable Kickoff Skier's conference, which was sent to the general in reserve who served in a senior and sensitive position (Photo: Check Point / screenshot)

In total, in those months, assaults were identified against the following parties:

• A reserve champion who served in a senior and sensitive position - the email was hacked and impersonated

• Former Foreign Minister Tzipi Livni - tried to get her to type in her email password on a dedicated file sent to her with an invitation to a conference abroad

• Head of the Central Research Institute in Israel - Private correspondence was reached between him and the former US Ambassador to Israel, and based on that correspondence, they impersonated the ambassador and forwarded additional emails to the head of the research institute in order to communicate with him and obtain private information.

• Former US Ambassador to Israel - impersonate him through the use of existing correspondence with the head of the research institute and in this way pass on a link aimed at information theft

• Senior manager of a central security company - tried to steal his personal details and managed to get his passport photo

• A well-known professor in the field of Middle East studies - impersonating him in order to transfer documents to various parties.

• technology

• Privacy and security

Tags

• Cyber