Israeli media report that on August 4, Israelis received alarming emails, supposedly containing “Security Recommendations for citizens” from the Israel Defense Forces (IDF).
The emails, written in English, contained a link to “important materials”, but in reality this was a phishing attack aimed at stealing data. The link downloaded a ZIP archive from cloud storage, which delivered malicious software for taking remote control of the device.
Israel attributed the attack to the Iranian government group MuddyWater, which was spurred into action after the assassination of Hamas leader Ismail Haniyeh in Tehran on July 31, heightening tensions in Israel.
Following Haniyeh’s death, Iranian hackers launched active phishing attacks on Israeli companies. However, their hasty actions made the campaign easily detectable. The use of English-language emails, reused infrastructure, and previously exposed methods enabled Israeli intelligence services to swiftly identify the source of the threat.
The primary objective of the campaign is to instill fear and uncertainty among Israelis and encourage them to click on harmful links. The hackers exploited the natural human instinct to protect oneself and one's loved ones in order to infiltrate electronic devices and steal sensitive data. Apart from the cyber attack itself, the campaign also aims to disrupt the psychological well-being of Israeli citizens. The Israeli government had previously issued a warning about MuddyWater’s phishing attacks in June of this year.
MuddyWater cybercriminals frequently carry out phishing campaigns using compromised corporate email accounts, leading to the deployment of legitimate remote control tools like Atera Agent and ScreenConnect. Additionally, the hackers have begun using the new BugSleep backdoor, specifically designed for targeting Israeli organizations.