Iranian Hackers Broke Into Email Accounts of Senior Israeli Figures, Security Firm Says

Check Point attributes the attacks to a group of Iranian hackers known as Phosphorus APT, saying they targeted ex-foreign minister Tzipi Livni, an Israeli general, and other senior defense officials

Oded Yaron
Oded Yaron
Send in e-mailSend in e-mail
An Iranian flag is seen on a screen as Israel's Naftali Bennett speaks at a cyber conference in Tel Aviv, last year.
An Iranian flag is seen on a screen as Israel's Naftali Bennett speaks at a cyber conference in Tel Aviv, last year.Credit: Moti Milrod
Oded Yaron
Oded Yaron

Iranian hackers have taken control of the email accounts of senior Israeli figures and impersonated them, the Israeli cybersecurity company Check Point Software Technologies announced on Tuesday.

This “spear-fishing” – an individualized email spoofing attack designed to steal sensitive private information and credentials, or to steal money from them – has been going on since at least December 2021, though most probably for longer. The victims include former Israeli foreign minister Tzipi Livni, as well as a former major general who served in a highly sensitive position in the Israeli military, a senior executive in the defense industry, and the chairman of one of Israel's leading security think tanks.

Check Point attributed the attacks to a group of Iranian hackers known as the Phosphorus APT group, which is also known by a number of other aliases, including ATP35, Charming Kitten and the Ajax Security Team.

According to research conducted by other companies, including Cybereason and Clear Sky, Phosphorus APT is linked to the Iranian Revolutionary Guards, and has been tied in the past to other attacks on journalists and human rights groups – as well as senior government and military officials.

The hackers broke into the email accounts of the targets, sent messages from them to other senior officials asking them to click on links in the message in order to hack into more accounts, said Check Point. One of the messages was sent to Livni from the account of a general in the reserves, who she had corresponded with in the past.

Former foreign minister Tzipi Livni at a press conference in 2019Credit: מוטוי מילרוד

The hacker who impersonated the general wrote to Livni informing her that he had written an article, and included a link to the article in the email, asking for her comments on it. Livni suspected something was off with the message and the link, and thus did not open it. She then received another message from the same address urging her to read the article.

Livni took the initiative and called the general, who confirmed her suspicions and said he had not sent the email. The two then approached Check Point to investigate the matter.

This is just the latest discovery in a long and ongoing series of Iranian spying operations against Israeli and American officials using spear-fishing.

While most hacking today is simply for financial gain – with hackers trying to cast as large a net as possible – these cases are different: they are highly specific and targeted a small group of individuals or former officials whose positions may grant them access to classified information and intelligence.

In 2015, Check Point exposed a previous operation by the same group of hackers, in which they managed to reach Israeli military generals, senior defense officials, nuclear scientists, physicists, academics, business executives.



Automatic approval of subscriber comments.

Subscribe today and save 40%

Already signed up? LOG IN


Trump and Netanyahu at the White House in Washington, in 2020.

Three Years Later, Israelis Find Out What Trump Really Thought of Netanyahu

German soldier.

The Rival Jewish Spies Who Almost Changed the Course of WWII

Rio. Not all Jewish men wear black hats.

What Does a Jew Look Like? The Brits Don't Seem to Know

Galon. “I’m coming to accomplish a specific mission: to increase Meretz’s strength and ensure that the party will not tread water around the electoral threshold. If Meretz will be large enough, it will be the basis for a Jewish-Arab partnership.” Daniel Tchetchik

'I Have No Illusions About Ending the Occupation, but the Government Needs the Left'

Soldiers using warfare devices made by the Israeli defense electronics company Elbit Systems.

Russia-Ukraine War Catapults Israeli Arms Industry to Global Stage

Flame and smoke rise during an Israeli air strike, amid Israel-Gaza fighting, in Gaza City August 6, 2022.

Israel Should End Gaza Operation Now, if It Can