Iranian hackers have sought to weed out possible spies for Israel as part of a counterintelligence operation involving fraudulent job recruitment and employment lures over a seven-year period that ended in March, reports CyberScoop.
Threat actors posing as Israeli human resources employees and headhunters used malicious posts on X, formerly Twitter, and its Iranian counterpart Virasty to lure individuals experienced in cybersecurity and IT into providing their names, birthdates, addresses, and academic and professional backgrounds, an analysis from Google Cloud's Mandiant showed.
"The data collected by this campaign may support the Iranian intelligence apparatus in pinpointing individuals who are interested in collaborating with Iran’s perceived adversarial countries. The collected data may be leveraged to uncover human intelligence operations conducted against Iran and to persecute any Iranians suspected to be involved in these operations," said Mandiant researchers. Such activity had a "weak overlap" with Iranian state-sponsored threat group APT42 due to its different IT infrastructure and was not related to recent Iranian attacks targeted at the U.S. elections, according to Mandiant Cyberespionage Analysis Head Ben Read.