Recent news confirms a surge in Iranian phishing attacks targeting the personal accounts of prominent Israeli journalists and public figures. According to a June 23, 2025 report by Channel 12 News, Iranian hackers used phishing techniques to compromise Google accounts of well-known Israeli journalists. The attackers impersonated trusted Israeli figures—such as the prime minister’s adviser and former JNS senior editor Caroline Glick—and contacted targets via WhatsApp. They invited journalists to a fake Google Meet page, where the victims entered their credentials, granting the hackers access to their Google accounts, including Gmail. The impersonated figures were carefully chosen: well-known enough to be credible, but not in frequent contact with the targets, reducing suspicion.
This campaign is part of a broader escalation of Iranian cyber operations against Israel in 2025. The Shin Bet, Israel’s internal security agency, reported that 85 Iranian cyberattacks aimed at gathering intelligence for assassination plots were thwarted this year. These attacks often used phishing messages with fake Google Meet links tailored to each target, seeking information like home addresses and personal routines. The goal was to pass this intelligence to operatives inside Israel, with civilians increasingly being recruited for espionage and even attempted attacks.
Google’s Threat Analysis Group and other cybersecurity firms have also documented a spike in APT42 (an Iranian state-backed group) phishing campaigns against Israeli military officials, diplomats, journalists, and civil society members throughout 2024 and into 2025. These campaigns frequently use social engineering, malicious links, and fake documents hosted on platforms like Google Drive, Dropbox, and OneDrive to harvest credentials. APT42’s operations have grown more aggressive and sophisticated, leveraging typosquatted domains and fake petitions to lure victims.
