Summary
This document is an advisory that provides situational awareness regarding ongoing Iranian cyber campaigns targeting organizations and individuals associated with Israel. The advisory outlines three distinct campaigns identified by cybersecurity researchers, which include phishing attacks aimed at data collection and advanced malware for intelligence gathering. The first campaign, detailed in a report by Mandiant, involves social engineering tactics targeting academics and media personalities through fake recruitment websites. The second campaign, highlighted by Microsoft, describes the deployment of a new malware named Tickler by the Iranian group Peach Sandstorm, which targets various sectors for intelligence gathering. The third campaign, noted in a joint advisory by the FBI and CISA, warns about ransomware attacks facilitated by Iran-based actors against U.S. organizations in critical sectors. The advisory concludes with recommendations for organizations to follow mitigation guides and conduct regular vulnerability assessments to reduce exposure to these threats.
