- An Iranian state-backed hacking group targeted Israeli journalists, cybersecurity professionals, and academics in a recent spear-phishing campaign.
- The attackers used fake identities to connect with victims through email and WhatsApp, luring them to counterfeit Google login or meeting pages.
- The campaign, attributed to Educated Manticore, used advanced phishing kits able to capture credentials and two-factor authentication codes.
- Messages were crafted with help from artificial intelligence tools, making communications appear legitimate and error-free.
- The phishing attack leveraged current geopolitical tensions, focusing on Israeli targets during the Iran-Israel conflict’s escalation.
In mid-June 2025, an Iranian state-sponsored hacking group linked to the Islamic Revolutionary Guard Corps targeted Israeli journalists, cybersecurity experts, and computer science professors with a spear-phishing campaign. The group reached out through emails and WhatsApp messages, posing as assistants to technology executives or researchers to build trust and trick individuals into visiting fake login or meeting pages.
Check Point reported these incidents, stating that the threat actors used convincing decoy messages and fake invitations to direct targets to spoofed Gmail or Google Meet sites. These custom phishing sites were built using modern web tools and closely resembled real Google login pages, as explained in their official report.
The campaign was attributed to a threat cluster tracked as Educated Manticore. This group is also known by other names such as APT35, Charming Kitten, ITG18, and TA453. According to Check Point, "The threat actors directed victims who engaged with them to fake Gmail login pages or Google Meet invitations." The messages included structured, error-free language likely crafted with artificial intelligence, designed to improve the credibility of the attack.
The initial communications were harmless, with attackers patiently establishing contact and rapport. Once trust was built, they sent links to phishing sites that replicated legitimate authentication flows and pre-filled the victim’s email address. The phishing kit captured not only passwords but also one-time use codes from two-factor authentication, and operated as a passive keylogger to collect any information entered on the site. Some schemes involved links hosted on Google Sites, with fake Google Meet images leading to credential harvesting pages.
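As an added example (not taken from Check Point's report or from this article), a mail or chat gateway could triage links for the traits described above: Google branding on a non-Google host, a user-published Google Sites page, and the recipient's own address carried in the link. The allow-list, the assumption that the pre-fill data travels in the URL, and every sample domain and address are constructed for illustration.

```python
import base64
import re
from urllib.parse import urlsplit, unquote

# Assumption: hosts where a genuine Google sign-in or Meet link lives.
GENUINE_HOSTS = {"accounts.google.com", "meet.google.com"}
BRAND_RE = re.compile(r"google|gmail", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def triage_link(url, recipient):
    """Return the reasons a link deserves analyst review (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in GENUINE_HOSTS:
        return []
    reasons = []
    if host == "sites.google.com":
        # Anyone can publish here, so the google.com host proves nothing.
        reasons.append("user-published Google Sites page")
    elif BRAND_RE.search(host + parts.path) and not (
        host == "google.com" or host.endswith(".google.com")
    ):
        reasons.append("Google branding on a non-Google host")
    # Assumption: a pre-filled login page gets the address from the link,
    # either plain, percent-encoded or base64-encoded.
    addr = recipient.lower()
    forms = {base64.b64encode(addr.encode()).decode().rstrip("="),
             base64.urlsafe_b64encode(addr.encode()).decode().rstrip("=")}
    if addr in unquote(url).lower() or any(f in url for f in forms):
        reasons.append("recipient address embedded in link")
    return reasons

def scan_message(body, recipient):
    """Map each suspicious URL in a message body to its review reasons."""
    hits = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,)")  # drop trailing sentence punctuation
        reasons = triage_link(url, recipient)
        if reasons:
            hits[url] = reasons
    return hits

# Constructed sample message; every domain and address here is made up.
SAMPLE = (
    "Hi Dana, the meeting is confirmed. Join here: "
    "https://meet-google.invite.example/join?u=dana%40uni.example "
    "Agenda: https://sites.google.com/view/agenda-example . "
    "Help: https://accounts.google.com/signin"
)
```

Calling `scan_message(SAMPLE, "dana@uni.example")` flags the first two links and passes the genuine sign-in URL. A hit is a reason for review, not a verdict, since legitimate Google Sites pages and personalised links also exist.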
According to Check Point, "Educated Manticore continues to pose a persistent and high-impact threat, particularly to individuals in Israel during the escalation phase of the Iran-Israel conflict." The group has been able to move quickly by setting up new domains and infrastructure and taking them down rapidly after being flagged. This strategy helps them remain effective despite increased attention from cybersecurity defenders.