APT42's Active Israel Phishing

Google is verifying recent accusations that APT42 has been targeting accounts related to the US presidential election

APT42, which is linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), frequently targets prominent users in Israel and the United States

APT42 increased its targeting of Israeli consumers in April 2024. The group targeted academics, NGOs, diplomats, and Israeli military and defence officials

In their email phishing efforts, APT42 employs a range of strategies, such as hosting malware, creating phishing pages, and using malicious redirects

TAG destroyed APT42's infrastructure by resetting stolen accounts and sending government-backed attacker warnings to targeted users

Google removed several Google Sites pages set up by APT42 that posed as a petition from the legitimate Jewish Agency for Israel

The emails didn’t contain any malicious material, and they were sent from accounts hosted by different email service providers

TAG discovered and stopped a tiny but consistent pattern of phishing attempts using APT42’s Cluster C credential

APT42 has been successful in breaching accounts with a number of different email providers