French researchers specializing in the Israel-Hamas war trapped by Iranian hackers

Tehran is said to have launched a vast campaign of spying on universities in Europe and the United States. Microsoft research teams unveil on their blog this January 17, 2024 a report on attacks spotted in France, Belgium, the United Kingdom, the United States, but also in Israel and Gaza.

Microsoft attributes this attack to “Mint Sandstorm”, an Iranian hacker collective known for its campaigns against “ professors or others with knowledge of security and policy issues » which interest Tehran.

“ Based on the identity of the targets observed and the decoys used during this campaign, it is possible that this campaign aims to collect information on events related to the war between Israel and Hamas “, note Microsoft cyber experts.

Victims deceived by legitimate email addresses

To trap their target, Iranian hackers pose as journalists or colleagues before sending seemingly legitimate emails. In some cases, intelligence agents hacked into the addresses of a first victim before stealing their identity. The first exchanges did not contain malware in order to create a relationship of trust with the interlocutor.

The hackers ended up asking the target to read an attached article. This document contains a malicious script allowing remote commands to be executed on the victim’s computer, without the victim realizing it.

“ The ability to obtain and maintain system access may allow Mint Sandstorm to engage in a range of activities that may compromise privacy. System compromise may also result in legal and reputational risks for organizations affected by this campaign.e,” Microsoft alerts. If doubt persists about the identity of the interlocutor, an SMS or personal message will ensure that the interlocutor is not an Iranian spy.

Do you want to know everything about the mobility of tomorrow, from electric cars to e-bikes? Subscribe now to our Watt Else newsletter!