Israeli firm exposes Iranian cyberattack targeting Gaza ceasefire mediators

The Israeli firm Dream Security revealed earlier this month that Iran had carried out a sophisticated cyberattack for the purpose of spying on at least 200 targets involved in the ongoing Gaza ceasefire talks. The targets included Egyptian officials in Cairo and in Paris, France, as well as mediators from the United States and Qatar.

The cyberattack, in the first phase, was directed at the email account of the Foreign Ministry of Oman through malicious messages aimed at infiltrating and monitoring communications of involved diplomats. The emails, which were disguised as diplomatic correspondence, contained Microsoft Word documents that were forged to look like official letters from Oman. Once opened, they released malicious code that transformed into offensive cyber software capable of monitoring the target, reading correspondence, and recording conversations, according to a Ynet News report.

Dream Security believes the cyberattack against Oman and the diplomats was part of a wider Iranian phishing operation that the “Homeland Justice” hacker group, linked to the Iranian Ministry of Intelligence and Security, was behind.

Unlike earlier Iranian cyberattacks that primarily targeted infrastructure or sought to steal data, this operation appeared to have been aimed at disrupting or influencing negotiations.

The Israeli company emphasized that hacking diplomatic channels represents an attack method that merges the cyber and diplomatic arenas.

“When an authentic diplomatic channel becomes a cyber weapon, the diplomatic and cyber fronts merge into a single battlefield,” the company stated, adding that the attack was part of wider regional attempts at targeting diplomatic channels.

“Iran’s phishing operation reflects a broader regional espionage effort targeting diplomatic and government bodies during heightened geopolitical tension,” Dream Security officials said. “Diplomatic trust has become a strategic target. Patterns mirror previous Iran-linked attacks, including a 2023 operation in Albania.”

The "Homeland Justice" group has been hacking the Albanian government for several years because the country has been hosting 3,000 members of the Iranian opposition group, People's Mojahedin Organization of Iran – better known as Mojahedin-e-Khalq (MEK) – since 2013 at the request of the U.S. government.

Dream Security, founded in January 2023 by CEO Shalev Hulio, lists former Austrian Chancellor Sebastian Kurz as its chairman and Gil Dolev as CTO. According to Tal Fialkov, the company’s Vice President of AI and Cyber, Dream Security’s AI agents “provide unprecedented real-time mapping and analysis of state-level cyberattacks, giving countries a defensive advantage against complex threats.”

Using its own AI systems, Dream Security mapped the attack on Oman’s Foreign Ministry with autonomous agents scanning both the open and the dark web for malicious activity. The AI agents also carried out forensic analysis connecting domains, servers, and attack infrastructure. They traced the Iranian group responsible for the attack, mapped the infection campaign, and exposed its operational methods – potentially allowing for the disruption of the group’s capabilities.

Iran conducts cyberattacks against Israel on a regular basis. Most recently, Israel’s National Cyber Directorate foiled an attempt by the Iranian regime to use a fake website targeting IDF veterans and reservists with PTSD, luring them into sharing personal data while installing malware.