

Ethical Hacking News

Iranian APT35 Hackers Utilize AI-Powered Phishing Attacks to Target Israeli Tech Experts


Iranian APT35 hackers have been linked to a spear-phishing campaign targeting Israeli tech experts using AI-powered phishing attacks. The attack, attributed to the threat cluster known as Educated Manticore, demonstrates the increasing reliance on AI tools in phishing campaigns and highlights the need for organizations and individuals to remain vigilant against these sophisticated threats.

  • Iranian hackers affiliated with IRGC have launched a spear-phishing campaign targeting Israeli journalists, cybersecurity experts, and computer science professors.
  • The attack employs AI-powered tactics to craft personalized messages exploiting current geopolitical tensions between Iran and Israel.
  • The attackers use a custom phishing kit that captures login credentials and 2FA codes, facilitating 2FA relay attacks.
  • The campaign includes a passive keylogger to record keystrokes and exfiltrate them in case the user abandons the process.
  • Check Point attributed the activity to Educated Manticore, a threat cluster known for orchestrating social engineering attacks using elaborate lures.
  • The attack is believed to be part of the Iran-Israel war, with attackers taking advantage of current tensions to craft targeted messages.
  • The use of AI tools in phishing campaigns poses a significant threat to individuals and organizations alike.
  • Organizations and individuals must remain vigilant and take proactive measures to protect themselves against AI-powered phishing attacks.
  • Continued investment in cybersecurity research and development is essential to understand attacker tactics and develop effective strategies for detection and mitigation.



    In a recent development that highlights the evolving nature of cyber threats, Iranian hackers affiliated with the Islamic Revolutionary Guard Corps (IRGC) have been linked to a spear-phishing campaign targeting journalists, high-profile cybersecurity experts, and computer science professors in Israel. This sophisticated attack, attributed to the threat cluster known as Educated Manticore, which overlaps with APT35 and other notable groups such as CALANQUE, Charming Kitten, and Cobalt Illusion, demonstrates the increasing reliance on artificial intelligence (AI) tools in phishing campaigns.

    The spear-phishing campaign, which began mid-June 2025, employs AI-powered tactics to craft personalized messages that exploit current geopolitical tensions between Iran and Israel. Attackers pose as fictitious assistants to technology executives or researchers via emails and WhatsApp messages, aiming to build trust with their victims before directing them to fake Gmail login pages or Google Meet invitations. The use of AI tools enables the attackers to create highly sophisticated phishing kits that can capture not only login credentials but also two-factor authentication (2FA) codes, thereby facilitating 2FA relay attacks.
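    A 2FA relay succeeds because a one-time code says nothing about which site it was typed into. The sketch below is an added example, not code from Check Point or from this article: it contrasts an RFC 6238 TOTP code with an origin-bound assertion in the style of WebAuthn. The origins, secrets and timestamp are constructed, and HMAC stands in for the authenticator's public-key signature.

```python
import hashlib
import hmac
import json
import struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def server_accepts_totp(secret: bytes, code: str, now: int) -> bool:
    # The server only sees the code; it accepts the current or previous step.
    return any(hmac.compare_digest(code, totp(secret, now - d)) for d in (0, 30))

def sign_assertion(key: bytes, challenge: bytes, origin: str):
    # `origin` is filled in by the browser from the page actually loaded,
    # so a look-alike page cannot choose it. HMAC stands in for the signature.
    client_data = json.dumps({"challenge": challenge.hex(), "origin": origin}).encode()
    return client_data, hmac.new(key, client_data, hashlib.sha256).digest()

def server_accepts_assertion(key, challenge, expected_origin, client_data, sig) -> bool:
    expected = hmac.new(key, client_data, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False
    data = json.loads(client_data)
    return data["challenge"] == challenge.hex() and data["origin"] == expected_origin

def simulate():
    # All values below are constructed for the illustration.
    real, lookalike = "https://login.example", "https://login-example.invalid"
    secret, key = b"constructed-totp-seed", b"constructed-authenticator-key"
    now = 1_750_000_000
    challenge = bytes(range(16))
    # 1. Code typed into the look-alike page, forwarded 5 seconds later.
    relayed_totp = server_accepts_totp(secret, totp(secret, now), now + 5)
    # 2. Assertion produced on the look-alike page, forwarded to the real site.
    relayed_bound = server_accepts_assertion(
        key, challenge, real, *sign_assertion(key, challenge, lookalike))
    # 3. Assertion produced on the genuine page.
    genuine_bound = server_accepts_assertion(
        key, challenge, real, *sign_assertion(key, challenge, real))
    return relayed_totp, relayed_bound, genuine_bound

if __name__ == "__main__":
    print(simulate())
```

    The forwarded TOTP code is accepted, while the assertion created on the look-alike origin is rejected and the genuine one passes, which is why origin-bound second factors resist this kind of relay.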

    One of the most striking aspects of this campaign is the incorporation of a passive keylogger to record keystrokes entered by victims and exfiltrate them in the event the user abandons the process. The custom phishing kit employed by the attackers closely imitates familiar login pages, using modern web technologies such as React-based Single Page Applications (SPA) and dynamic page routing. This design allows it to hide its code from additional scrutiny, making it even more difficult for victims to detect.

    Check Point, a leading cybersecurity company, attributed the activity to Educated Manticore, which overlaps with APT35 and other notable threat clusters. The group has a long history of orchestrating social engineering attacks using elaborate lures and approaching targets on various platforms like Facebook and LinkedIn using fictitious personas to trick victims into deploying malware on their systems.

    The attack is believed to be part of the Iran-Israel war that began in June 2025, with attackers taking advantage of the current tensions between the two countries to craft messages tailored to specific targets. The messages often claim that the victim needs immediate assistance with an AI-based threat detection system to counter a surge in cyber attacks targeting Israel since June 12.

    "Educated Manticore continues to pose a persistent and high-impact threat, particularly to individuals in Israel during the escalation phase of the Iran-Israel conflict," Check Point said. "The group continues to operate steadily, characterized by aggressive spear-phishing, rapid setup of domains, subdomains, and infrastructure, and fast-paced takedowns when identified. This agility allows them to remain effective under heightened scrutiny."

    The use of AI tools in phishing campaigns has become increasingly prevalent, with attackers leveraging advanced technologies such as machine learning algorithms and natural language processing (NLP) to craft highly personalized messages that exploit human psychology.

    In the context of this attack, it is clear that AI-powered phishing campaigns pose a significant threat to individuals and organizations alike. The sophistication and customization of these attacks make them difficult to detect, and the use of AI tools enables attackers to stay one step ahead of cybersecurity professionals.

    As the cyber threat landscape continues to evolve, it is essential for organizations and individuals to remain vigilant and take proactive measures to protect themselves against AI-powered phishing attacks. This includes implementing robust cybersecurity protocols, staying up-to-date with the latest security patches, and educating employees on how to identify and report suspicious emails and messages.

    Furthermore, the use of AI tools in phishing campaigns highlights the need for continued investment in cybersecurity research and development. By understanding the tactics, techniques, and procedures (TTPs) employed by attackers, cybersecurity professionals can develop more effective strategies for detecting and mitigating these threats.

    In conclusion, the Iranian APT35 hackers' use of AI-powered phishing attacks to target Israeli tech experts demonstrates the evolving nature of cyber threats in the modern era. As the use of AI tools becomes increasingly prevalent in phishing campaigns, it is essential for organizations and individuals to remain vigilant and take proactive measures to protect themselves against these sophisticated threats.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Iranian-APT35-Hackers-Utilize-AI-Powered-Phishing-Attacks-to-Target-Israeli-Tech-Experts-ehn.shtml

  • https://thehackernews.com/2025/06/iranian-apt35-hackers-targeting-israeli.html


  • Published: Thu Jun 26 05:18:53 2025 by llama3.2 3B Q4_K_M












