GeneralAnonymous Hackers Tied to Iran’s Regime Targeted American Researchers...

Anonymous Hackers Tied to Iran’s Regime Targeted American Researchers with Fake e-Mails

-

Proofpoint, a U.S. cybersecurity firm, reported that an anonymous group of hackers tied to Iran’s regime used sophisticated deception and social-engineering techniques to target academics and foreign-policy experts in the United States.

According to the firm’s researchers, the attack campaign — active between June and August 2025 — represents an evolution in Iranian state cyber espionage, where attackers combined traditional phishing techniques with legitimate remote-management tools to infiltrate sensitive targets.

Tehran-Backed Hackers Carried Out a Cyber Intrusion Against Mediators in the Gaza Ceasefire Negotiations

Proofpoint says the group used Iran-related political topics — including social changes and research into the militarization of the Islamic Revolutionary Guard Corps (IRGC) — as lures to deceive victims.

The hackers sent seemingly innocuous e-mails containing fake health-related links, bogus OnlyOffice hosts (a document collaboration platform), and remote-management tools.

Analysts say the tactics and tooling closely resemble those used by several known Iran-linked groups, but because of a lack of definitive evidence, Proofpoint has classified this actor independently.

Investigators found the attack chain began with a simple conversation and an e-mail about Iran’s economic and political situation, followed by efforts to steal account credentials. Then links containing archive files and malicious code were sent to victims that installed remote-management software on the target machines.

In the group’s first campaign in June 2025, the hackers impersonated a Brookings Institution staffer and contacted more than 20 U.S. researchers. The technique was technically similar to previous attacks by one of the known groups. The e-mails used the fake name “Susan Maloney,” presented as a director of the foreign-policy program at the Brookings Institution (a U.S. think tank).

Victims then received a link that appeared to point to OnlyOffice but redirected to a fake Microsoft login page hosted on a health-themed domain. After one target became suspicious of the phishing page, the attackers modified the login page and used the new version to continue the attack.

Later, zipped files contained programs that launched “PDQ Connect” (a remote-control application). In some cases, another tool called “ISL Online” was also installed, which provided attackers with direct access to the victim’s system.

Proofpoint said the high similarity in methods and infrastructure makes firm attribution to a specific known organization difficult. Nevertheless, the review shows the new actor’s tactics and targets align with the established patterns of Iran-linked groups.

Researchers say the continuous targeting of Iran-related foreign-policy experts remains a priority for Iran’s regime intelligence efforts.

Latest news

U.S. Treasury Targets Khamenei-Linked Financial Network

The U.S. Department of the Treasury sanctioned Ali Ansari, an individual linked to a network of exchange houses and...

Sharp Increase in Bread Prices in Iran

For years in Iran, it was commonly said that even if people could no longer afford meat, chicken, dairy...

U.S. Officials Call for Iran’s Regime to Publicly Declare an End to Attacks on Ships in Strait of Hormuz

Reuters reported that senior U.S. officials said on Friday, July 10, that Washington has asked Iran's regime to formally...

Water Shortages in Iran Have Become a Chronic Crisis, and Alarm Bells Are Ringing

Statements by Iranian regime officials at the beginning of the summer indicate that water stress has spread across most...

Continued Human Rights Violations In Iran: Security Forces Open Fire On People Celebrating Khamenei’s Death

As the Iranian regime staged the funeral of Ali Khamenei four months after his death, human rights media reported...

Iran’s July 9 Student Uprising Mark 27th Anniversary

Twenty-seven years have passed since July 9, 1999, when the Iranian regime's official security forces and paramilitary groups loyal...

Must read

US Must Learn From Iran Deal Flaws Before Summit With North Korea

Iran Focus London, 20 Apr - The Donald Trump...

US Tough Line on Iran Is Being Implemented

Iran Focus London, 30 Nov - According to several...

You might also likeRELATED
Recommended to you