The UK’s National Cyber Security Centre (NCSC), along with American agencies such as the FBI and the Department of the Treasury, has issued a joint alert regarding the rising threat of spear-phishing attacks executed by Iranian government-backed threat actors.
Recently, advanced persistent threat (APT) groups linked to Iran’s Islamic Revolutionary Guard Corps (IRGC) have been targeting individuals closely associated with Middle Eastern affairs. In the UK, victims have included current and former government officials, think tank employees, journalists, activists, and lobbyists. In the US, political campaign staff have also fallen victim to these attacks.
These Iranian attackers are employing common social engineering techniques to gain the trust of their targets by impersonating familiar contacts—such as colleagues, journalists, or even family members—through email and messaging platforms. They use these deceptive identities to foster a rapport, often discussing relevant topics like the Gaza conflict or extending invitations to conferences.
The primary objective is to trick victims into entering their email credentials on counterfeit login pages. Once the attackers have those credentials they control the mailbox: they can read, exfiltrate or delete messages at will, and they can create inbox rules that silently forward incoming mail to addresses they control, so the access persists even after the victim changes passwords.
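The forwarding rules described above are one of the few artefacts of this kind of compromise that a defender can audit directly. The following is an added example, not code from the advisory or from NCSC, that flags the rule patterns a post-compromise mailbox review looks for: forwarding or redirecting to addresses outside the organisation, deleting messages, moving mail into folders the user rarely opens, and rules with blank or punctuation-only names. The rule records are constructed sample data; their field names mirror the output of Exchange Online's Get-InboxRule cmdlet, but nothing here contacts a real tenant, and the organisation domain and the list of "hiding" folders are assumptions.

```python
"""Audit mailbox inbox rules for the forwarding / hiding patterns used after
credential phishing. Added example; the rules below are constructed data."""
from __future__ import annotations
from dataclasses import dataclass, field
import re

# Assumption: the organisation's own mail domains. Anything else is external.
ORG_DOMAINS = {"example.gov.uk"}

# Assumption: folders attackers commonly move mail into so the victim does not
# notice replies from the "colleague" they are impersonating.
HIDING_FOLDERS = {"rss subscriptions", "rss feeds", "conversation history", "junk email"}


@dataclass
class InboxRule:
    """Subset of Get-InboxRule properties (names mirror the cmdlet output)."""
    name: str
    enabled: bool
    forward_to: list[str] = field(default_factory=list)
    forward_as_attachment_to: list[str] = field(default_factory=list)
    redirect_to: list[str] = field(default_factory=list)
    delete_message: bool = False
    move_to_folder: str | None = None


def is_external(address: str) -> bool:
    """True when the address's domain is not one of ours."""
    domain = address.rsplit("@", 1)[-1].strip().lower()
    return domain not in ORG_DOMAINS


def audit_rule(rule: InboxRule) -> list[str]:
    """Return a list of human-readable findings; empty means the rule looks benign."""
    findings: list[str] = []
    if not rule.enabled:
        return findings  # disabled rules do nothing; still worth a look, but not an alert
    targets = rule.forward_to + rule.forward_as_attachment_to + rule.redirect_to
    external = [a for a in targets if is_external(a)]
    if external:
        findings.append("forwards or redirects outside the organisation: " + ", ".join(external))
    if rule.delete_message:
        findings.append("deletes matching messages")
    if rule.move_to_folder and rule.move_to_folder.strip().lower() in HIDING_FOLDERS:
        findings.append(f"moves mail into rarely read folder {rule.move_to_folder!r}")
    if not rule.name.strip() or re.fullmatch(r"[.\s,_-]+", rule.name):
        findings.append("blank or punctuation-only rule name")
    return findings


def audit_rules(rules: list[InboxRule]) -> dict[str, list[str]]:
    """Map rule name -> findings, keeping only rules with at least one finding."""
    return {r.name: f for r in rules if (f := audit_rule(r))}


# Constructed sample: two legitimate rules, one disabled leftover, and two rules
# of the kind created after a mailbox takeover.
SAMPLE_RULES = [
    InboxRule("Newsletters", True, move_to_folder="Newsletters"),
    InboxRule("Cover for leave", True, forward_to=["colleague@example.gov.uk"]),
    InboxRule("Old test", False, redirect_to=["someone@external.example"]),
    InboxRule(".", True, forward_to=["mail.backup@relay-service.example"], delete_message=True),
    InboxRule("Conference", True, move_to_folder="RSS Subscriptions"),
]

if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(f"[!] rule {name!r}:")
        for f in findings:
            print("    -", f)
```

Run against a real export, the check should be paired with a look at the mailbox's audit log for when each rule was created and from which client and IP, since a rule created minutes after an unusual sign-in is the strongest signal the page's scenario produces.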
“The spear-phishing attacks conducted by Iranian government actors pose an ongoing threat to individuals linked to Iranian and Middle Eastern issues,” stated Paul Chichester, operations director at NCSC. “Together with our allies, we are committed to highlighting this malicious activity, which endangers both personal and professional accounts, encouraging individuals to take proactive measures.”
Chichester urged those at higher risk to remain vigilant against suspicious communications and to utilize the NCSC’s free cyber defense tools to enhance their security.
The NCSC emphasized that this activity presents a continuous threat across various sectors and is advising potentially vulnerable individuals to follow the mitigation steps detailed in its advisory. These amount to treating unsolicited contact with suspicion: unknown links, unexpected requests or alerts, shortened URLs, and unusual spelling or grammar are all warning signs.
Furthermore, the NCSC provides advice for high-risk individuals on enhancing their online security, while those facing extreme risks may qualify for services like the NCSC’s Account Registration, which monitors threats to personal accounts, and the Personal Internet Protection service, which restricts access to known harmful domains.
The NCSC reassured the broader public that there is no need for excessive concern, although its guidance remains prudent for general online safety.
In a related development, the US Department of Justice (DoJ) has unsealed an indictment against three identified IRGC agents—Masoud Jalili, Seyyed Ali Aghamiri, and Yaser Balaghi—accusing them of participating in a conspiracy to hack into the accounts of current and former US officials, journalists, NGOs, and political campaign staff.
The indictment alleges that the defendants have been active since at least 2020 and, in a hack-and-leak operation that began around May, sought to exploit material stolen from 'Presidential Campaign 1', widely believed to be the Republican campaign, by attempting to leak it to individuals associated with 'Presidential Campaign 2', identified as the Democratic campaign.
“The Justice Department is tirelessly working to expose and counter Iran’s cyberattacks, aimed at inciting discord, eroding trust in our democratic processes, and influencing elections,” stated US Attorney General Merrick Garland. “It will be the American people—not Iran or any other foreign entity—who determine the outcomes of our elections.”
FBI Director Christopher Wray commented, “Today’s charges mark the conclusion of an extensive FBI investigation that has led to the indictment of three Iranian nationals tied to a broad governmental hacking campaign. The actions detailed in this indictment showcase Iran’s audacity. Let it be clear: the FBI has a message for the Iranian government—your hackers will not find refuge behind their screens.”