In a statement, Check Point Research described the attack, saying it employed a wide array of fake email accounts to impersonate trusted parties, take over the targets’ accounts, steal information and use it to attack new targets. In many cases, the email correspondence or documents linked to by the attackers referenced security issues related to Iran and Israel.
Check Point said its analysis led it to believe the attack was perpetrated by an Iranian group called Phosphorus, which has a long history of conducting high-profile cyber operations aligned with Tehran’s interests as well as targeting Israeli officials.
The targets weren’t named by Check Point to protect their privacy, with the exception of Livni, who agreed to let her name be published. The list of targets also included a well-known former major general in the Israel Defense Forces who served in a “highly sensitive position,” the current chairperson of one of Israel’s leading security think tanks, the former chairperson of a well-known Middle East research center, and a senior executive in the Israeli defense industry.
According to the statement, the hackers “performed an account takeover of some victims’ inboxes and then hijacked existing email conversations to start attacks from an already existing email conversation between a target and a trusted party and continue that conversation in that guise.” READ MORE
