Iranian Spear-Phishing Attack Impersonates Google, Outlook, and Yahoo Domains

Check Point Research has uncovered a renewed global spear-phishing campaign orchestrated by the Iranian threat actor Educated Manticore, also known as APT42, Charming Kitten, and Mint Sandstorm.

Linked to the IRGC Intelligence Organization, this group has intensified its operations amid growing Iran-Israel tensions, targeting high-value individuals with meticulously crafted attacks.

The campaign, which has seen a surge in activity over the past few days, focuses on credential theft and bypassing multi-factor authentication (MFA) through advanced social engineering tactics, posing a significant risk to academics, journalists, and geopolitical figures.

Campaign Targets High-Profile Individuals

The current wave of attacks primarily targets prominent Israeli figures, including leading computer science academics, cybersecurity researchers, and journalists covering intelligence and geopolitical topics.

However, Educated Manticore’s historical operations reveal a far broader scope, with past impersonations of international media outlets like The Washington Post ...