Israel’s Cyber Directorate warns of phishing attack by Iran-based hacking squad

Governmental software safety watchdog alerts IT officers to malware posing as software update from American cybersecurity firm F5; says Iranian hackers clearly did their homework

Illustrative: Hacker using laptop on abstract binary code map background. (Peshkov/ iStock, by Getty Images)
Israel’s National Cyber Directorate issued a statement Tuesday warning of a phishing attack by Iranian hackers.

Posing as American network security conglomerate F5, Iranian hackers sent an email to IT officials in multiple Israeli companies with instructions to download what seems like an update, but is actually malware, said the directorate. Working with an unnamed commercial company, the directorate identified the hackers as members of an Iranian offensive cyber squad.

The Iranian malware consists of two programs, one of which saps data from the host computer, and another, called a “wiper,” which deletes the data from the source.

In its statement, the Cyber Directorate noted that the fraudulent email showed significant preparation on the hackers’ part. It includes accurate IP addresses belonging to F5 and alludes to the real company’s recent announcement of a software update.

On Sunday, the Cyber Directorate published a report outlining cyberattacks on Israel since the start of the war against Hamas. The attacks have reportedly originated from some 15 groups associated with Iran and its proxies, Hezbollah and Hamas.

Last week, the directorate announced that Iran and Hezbollah were behind a cyberattack on Ziv Medical Center in Safed earlier this month. The attack failed to disrupt the hospital’s operations but nevertheless managed to extract sensitive medical information.

The directorate’s statement on the faux-F5 malware includes technical details on damage control and diagnosis, imploring IT workers to notify the directorate if they identify either of the malware’s components in their systems.
