Iranian APT35 Hackers Targeting Israeli Tech Experts with AI-Powered Phishing Attacks

An Iranian state-sponsored hacking group associated with the Islamic Revolutionary Guard Corps (IRGC) has been linked to a spear-phishing campaign targeting journalists, high-profile cyber security experts, and computer science professors in Israel. "In some of those campaigns, Israeli technology and cyber security professionals were approached by attackers who posed as fictitious assistants to technology executives or researchers through emails and WhatsApp messages," Check Point said in a report published Wednesday. "The threat actors directed victims who engaged with them to fake Gmail login pages or Google Meet invitations." The cybersecurity company attributed the activity to a threat cluster it tracks as Educated Manticore, which overlaps with APT35 (and its sub-cluster APT42), CALANQUE, Charming Kitten, CharmingCypress, Cobalt Illusion, ITG18, Magic Hound, Mint Sandstorm (formerly Phosphorus), Newscaster, TA453, and Yellow Garuda. The advanced persistent threat (APT) group has a long history of orchestrating social engineering attacks using elaborate lures, approaching targets on various platforms like Facebook and LinkedIn using fictitious personas to trick victims into deploying malware on their systems. Check Point said it observed a new wave of attacks starting mid-June 2025 following the outbreak of the Iran-Israel war that targeted Israeli individuals using fake meeting decoys, either via emails or WhatsApp messages tailored to the targets. It's believed that…Read More