Targeted Phishing by APT42 Aims at Academia and Defense Officials
- Actor Motivations: Espionage, Exfiltration
- Attack Vectors: Spear Phishing
- Attack Complexity: Low
- Threat Risk: Low Impact/High Probability
Threat Overview
APT42 has launched a series of phishing attacks targeting Middle Eastern studies researchers, defense sector officials, and institutions specializing in Iran across Israel and the U.S. The phishing messages were highly personalized, containing malicious links disguised as Zoom invitations and documents. APT42’s tactics included impersonating researchers and reputable organizations to enhance credibility and evade detection. The campaign underscores ongoing cyber espionage efforts by Iranian actors focused on intelligence gathering in academia, defense, and foreign policy sectors, impacting both governmental and research entities.
Detected Targets
Type | Description | Confidence |
---|---|---|
Case | Washington Institute for Near East Policy: The Washington Institute for Near East Policy is a pro-Israel American think tank based in Washington, D.C., focused on the foreign policy of the United States in the Near East. It has been targeted by APT42 for abusive purposes. | Verified |
Sector | Defense | Verified |
Sector | Government Agencies and Services | Verified |
Sector | Researchers | Verified |
Region | Israel | Verified |
Region | United States | Verified |
Extracted IOCs
- washingtoninstitutes[.]org
- edelmaneric@hotmail[.]com
- hanin.ghaddar@washingtoninstitutes[.]org
Tip: 3 IOCs related to this threat have been found (0 IP, 1 domain, 0 URL, 2 email, 0 file hash).
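One way to hunt for the three IOCs above in stored mail, as an added example that is not part of the original report: it refangs the listed values, matches the domain (and its subdomains) in sender headers and body links, and matches the two mailboxes by exact address only. The function names and the two sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# IOCs copied from the list above, still defanged.
PAGE_IOCS = ["washingtoninstitutes[.]org", "edelmaneric@hotmail[.]com",
             "hanin.ghaddar@washingtoninstitutes[.]org"]
URL_RE = re.compile(r"https?://[^\s<>\"')\[\]]+", re.I)

def split_iocs(iocs):
    """Refang, then return (domains, addresses). Addresses stay exact-match
    only, so a mailbox at a shared provider never flags the whole provider."""
    clean = [i.strip().lower().replace("[.]", ".") for i in iocs]
    return ({i for i in clean if "@" not in i}, {i for i in clean if "@" in i})

def domain_hit(host, domains):
    """True for an IOC domain or a subdomain of it, not for longer look-alikes."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def match_message(raw, iocs=PAGE_IOCS):
    """Return sorted (field, ioc_type, value) hits for one RFC 5322 message."""
    domains, addresses = split_iocs(iocs)
    msg, hits = message_from_string(raw), set()
    # Reply-To and Return-Path matter: From can be spoofed while replies go elsewhere.
    for header in ("From", "Sender", "Reply-To", "Return-Path"):
        for _, addr in getaddresses(msg.get_all(header, [])):
            addr = addr.lower()
            if addr in addresses:
                hits.add((header, "address", addr))
            elif domain_hit(addr.rpartition("@")[2], domains):
                hits.add((header, "domain", addr))
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(text):
            if domain_hit(urlsplit(url).hostname, domains):
                hits.add(("body", "url", url))
    return sorted(hits)

# Constructed sample messages (not taken from the campaign).
SPOOFED = ("From: Researcher <r@example.org>\nReply-To: EdelmanEric@hotmail.com\n"
           "To: a@example.net\nSubject: Zoom invitation\n\n"
           "Join: https://zoom.washingtoninstitutes.org/invite\n")
BENIGN = ("From: x@hotmail.com\nTo: a@example.net\nSubject: hi\n\n"
          "See https://notwashingtoninstitutes.org/ and https://example.org/\n")
```

`match_message(SPOOFED)` reports the Reply-To mailbox and the body link; `match_message(BENIGN)` reports nothing, because an unrelated hotmail.com sender and a longer look-alike hostname are not IOC matches.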