Iran expands digital offensive against Israeli leadership
Authorities urge rigorous cybersecurity measures as attacks increasingly target high-profile individuals.
The Shin Bet and the National Cyber Directorate have identified hundreds of Iranian attempts to carry out cyberattacks against senior Israeli officials in government, the defense establishment, media, and academia over the past year, the two organizations said in a joint statement on Wednesday. In recent weeks, Iranian hackers claimed to have breached the devices or online accounts of well-known figures such as former Prime Minister Naftali Bennett, Netanyahu's chief of staff Tzachi Braverman, and former minister Ayelet Shaked.
It now appears that these attacks are part of a broader campaign targeting hundreds of senior officials across Israel. According to the Shin Bet and the Cyber Directorate, recent months, particularly since the war with Iran, have seen a significant increase in attempts by Iranian intelligence actors to hack the Google accounts and messaging apps of current and former government officials, defense establishment personnel, defense industry professionals, journalists, academics, and even private citizens.
"The goal of these attempts is to collect personal and professional information that can be used to advance terrorist, espionage, and influence operations through targeted phishing," the statement said. "The methods include personalized appeals tailored to the victim’s interests, impersonation of familiar figures to invite meetings or downloads, and phishing messages aimed at obtaining login credentials, including passwords and two-factor verification codes for Google, Telegram, or WhatsApp accounts, thereby gaining full access to these accounts."
Efforts to thwart these attacks have included issuing targeted alerts, monitoring for unusual activity, blocking and removing unauthorized access, and briefing officials on account hardening and personal cybersecurity. The Shin Bet and the Cyber Directorate recommend that all users enhance protections by enabling two-step verification, updating recovery emails, and reviewing linked accounts. "Users should be vigilant about inquiries from unknown parties, avoid sharing personal information, and refrain from clicking on links from unfamiliar sources," the organizations said. "The Shin Bet will continue to detect hostile activity to preempt attacks and, together with the National Cyber Directorate, will strengthen defenses against these threats."
