Iran spying on Israel, Saudi Arabia with major cyberattacks

Israeli ClearSky cybersecurity company said it has discovered an ongoing wave of cyber attacks originating from Iran on targets in Israel and the Middle East, Times of Israel newspaper reported.

The goal is “espionage or other nation-state interests,” the firm said.

The hackers have used techniques such as targeted phishing — in which hackers gather user identification data using false web pages that look like real and reputable ones — to hack into 40 targets in Israel and 500 worldwide. In Israel the targets have included retired generals, employees of security consulting firms and researchers in academia.

Some 44 percent of those targeted are in Saudi Arabia, followed by Israel (14%) and Yemen (11%).

Company officials said that the targets outside Israel included the finance minister of a Middle Eastern country, Qatar’s embassy in Britain, journalists and human rights activists, according to Israel Radio.

“The campaign includes several different attacks with the aim of taking over the target’s computer or gain access to their email account. We estimate that this access is used for espionage or other nation-state interests,” ClearSky said.

In the attacks, which ClearSky officials said dated from at least July 2014, but possibly as far back as 2011, hackers have sent malware as email attachments and used social-engineering techniques to hack into telephone lines, email accounts and Facebook.

ClearSky officials said that the current cyber attack is the toughest one they have encountered in terms of duration and persistence.

“The targets come, mostly, from the following fields: Both Academic researchers and practitioners in the fields of counter-terror, diplomacy, international relations, Iran and Middle East, and other fields, such as Physics; Security and defence; Journalists and Human rights activists,” the report said.

The authors said “several characteristics of the attacks have led us to the conclusion that an Iranian threat actor is the likely culprit.” They said they assume, but do not have direct evidence, that the hacking campaign is either being supported by the Iranian regime or performed by the regime itself: “The context of the attacks and cover stories all revolve around Iran,” the report noted.

“The attackers speak and write in native Iranian Persian and make mistakes characteristic of Persian speakers. In one of the hacked accounts, when retrieved, the interface language had been changed to Persian.”