Iranian hackers targeting US, Israeli medical researchers: analysis
A hacking group associated with the Iranian government targeted senior medical researchers in the U.S. and Israel over the past few months, new research released Wednesday found.
Cybersecurity group Proofpoint found as part of its report that the Iranian hacking group, known as “Phosphorous” or “Charming Kitten,” had begun targeting around 25 medical professionals in the fields of genetic, neurology and oncology research in both the U.S. and Israel in December.
The Iranian hackers went after their targets in an effort to obtain personal account credentials, using malicious phishing emails to lure the targets to a page masquerading as a Microsoft login page.
Proofpoint researchers described the victims in a blog post as “extremely senior personnel at a variety of medical research organizations,” and noted that the effort was likely part of an intelligence-gathering operation as well as the result of ongoing tensions between Iran and Israel.
The effort to target medical researchers was new for the group, which Proofpoint researchers wrote was typically known to go after academics, diplomats, journalists and dissidents of the Iranian government as part of its cooperation with the Iranian Revolutionary Guard Corps.
The latest malicious hacking effort comes after a year of escalating cyberattacks on hospitals, researchers and other groups in the midst of the COVID-19 pandemic, with nations including China particularly active in this effort.
The Phosphorus hacking group is one of the most prolific Iranian state-sponsored hacking groups, and has picked up its activities in recent years.
Microsoft last year reported that the same hackers had attempted to target around 100 high-ranking attendees of the Munich Security Conference.
This attribution came a year after Microsoft in 2019 pointed to Phosphorus as being responsible for targeting and attacking hundreds of Microsoft accounts, including staffers of an unnamed presidential campaign.
Reuters later reported that the campaign targeted was former President Trump’s reelection campaign, though a Trump campaign spokesperson told The Hill at the time that there was “no indication” that any campaign infrastructure was targeted.
The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.