The National Cyber Security Centre (NCSC) has warned about an ongoing threat from spear-phishing attacks carried out by cyber actors working on behalf of the Iranian government. In a joint advisory with its U.S. partners, the NCSC shared technical details about how cyber-attackers affiliated with Iran’s Islamic Revolutionary Guard Corps (IRGC) are using social engineering techniques to gain access to victims’ personal and business accounts online. The malicious activity targets individuals with links to Iranian and Middle Eastern affairs, including current and former senior government officials, senior think tank personnel, journalists, activists, and lobbyists.
Paul Chichester, NCSC Director of Operations, stated, “The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs.”
The advisory warns that threat actors have been observed impersonating contacts over email and messaging platforms, building rapport with targets, and soliciting them to share user credentials via a false email account login page. This information is then used to access victims’ accounts, view and delete messages, and set up email forwarding rules. The actors tailor their social engineering techniques to include areas of interest or relevance to their targets, such as impersonating family members or well-known journalists, discussing foreign policy topics, and sending invitations to conferences.
Spear-phishing tactics by Iranian hackers
In other cases, they have impersonated email service providers to obtain sensitive user security information. Analysts in the U.S. have also observed targeting of people associated with current political campaigns.
The NCSC believes this activity seriously threatens various sectors worldwide, including in the U.K. To reduce the chances of compromise, the advisory encourages high-risk individuals to follow mitigation steps and approved guidance, which includes signing up for free cyber defense services offered by the NCSC. Paul Chichester emphasized the need for vigilance, urging those at higher risk to stay alert to suspicious contact and take advantage of the NCSC’s free cyber defense tools to protect themselves from potential compromise. “With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim,” he said.
In a sign of escalating global tensions, the NCSC issued another advisory late last month urging individuals and organizations to take protective action after it exposed a botnet operated by a company with links to the Chinese government, believed to have compromised over 260,000 devices worldwide.