Phosphorus Targets Israeli and US Officials with Spear-Phishing

This report from Check Point Research details an Iranian spear-phishing campaign targeting high-profile former Israeli and US officials. According to Check Point, the high-profile targets of this operation include Tzipi Livni, former Israeli Foreign Minister and Deputy Prime Minister; a former major general in the Israeli Defence Forces (IDF) who held a highly sensitive position; the chairman of a leading Israeli security think tank; a former US ambassador to Israel; the former chairman of a prominent Middle East research centre; and a senior executive in the Israeli defence industry. The attackers used sophisticated techniques, including email thread hijacking and a custom URL shortener, to trick victims into revealing sensitive information. A legitimate identity verification service was also exploited to steal identity documents. The report analyses the attack infrastructure, methods and possible attribution to the Iran-linked Phosphorus APT group, suggesting a motive that may be linked to escalating geopolitical tensions between Iran and Israel. The ultimate goal appears to be access to victims' inboxes and personally identifiable information (PII), although the possibility of physical harm is also considered.