Report: Iranian ‘honey trap’ sites try to enlist spies to ostensibly work for Israel

Cybersecurity experts say 16 sites, using same phrasing, logos, and sometimes web infrastructure, likely part of Iran-backed counterintelligence operation

Illustrative: An Iranian flag made from binary code. (Sergio Lacueva/iStock Photo by Getty Images)
Illustrative: An Iranian flag made from binary code. (Sergio Lacueva/iStock Photo by Getty Images)

Experts believe a network of fake websites offering former spies and soldiers in Iran, Syria, and Lebanon espionage work for Israel is a counterintelligence effort run by Iran-linked operatives, according to a report this week.

The Daily Beast reported that at least 16 such sites used the same pitch, phrasing, logos, phone numbers, and even in some cases web infrastructure, to lure those who worked in sensitive security jobs in the Hezbollah terror group, the Assad regime, or in Iran.

The recruiting sites surfaced and disappeared on a number of web hosts over a four-year period, pitching users in Iran, Syria, and Lebanon through Google Ads, the report said.

Iran-focused cybersecurity researchers said they suspect the intelligence jobs sites are part of an Iranian counterintelligence effort, and are certain that the “crude and clumsy sites” are fakes, with no plausible connection to Israel’s actual spy services, the report said.

However, this could not be independently verified.

Amin Sabeti, a cybersecurity expert and the director of Computer Emergency Response Team in Farsi (CERTFA), told the news site he believes the sites are “a honey trap by the [Iranian] regime to identify the potential people interested in working with the foreign intelligence services.”

The Daily Beast said it found the sites during an investigation into a series of apparent phishing websites that spoofed think tanks and news organizations focused on the Middle East and national security, which cybersecurity experts also linked to Iran.

Google and Facebook could not confirm who may be behind the phishing domains, the report said. Telegram, which hosted messaging accounts for the fake jobs sites, did not respond to The Daily Beast’s inquiries.

In October, Israel’s cyber directorate issued a general warning to Israeli businesses to be aware of potential cyberattacks, as the country faced an uptick in hacking attempts.

In December, Israeli cybersecurity giant Check Point said that a hacking group identified with the Iranian regime was using a computer vulnerability called one of the worst ever seen to attack Israeli targets.

read more:
Never miss breaking news on Israel
Get notifications to stay updated
You're subscribed