Unmasking a Sophisticated Cyber Threat
A new front in the cyber dimension of the Iran-Israel conflict has opened, and it relies on deception rather than malware. An Iranian state-backed group tracked as "Educated Manticore" has stepped up a carefully staged spear-phishing campaign against Israeli journalists, cybersecurity professionals, and academics. The operation, which Check Point links to the Islamic Revolutionary Guard Corps (IRGC), is dissected in a Check Point report that shows how the group's social engineering has evolved: multi-stage trust building, AI-assisted lures, and fake login pages timed to the geopolitical moment.
Targeted Deception: The Original Report
The latest report by cybersecurity firm Check Point exposes a spear-phishing campaign run by Educated Manticore, an Iranian APT group with ties to the IRGC. The cluster overlaps with activity that other vendors track as APT35, APT42, Charming Kitten, and TA453, and it has a well-documented history of impersonation and malware deployment.
Since mid-June 2025, following the outbreak of the Iran-Israel war, the campaign has ramped up against Israeli targets. The attackers posed as assistants to prominent tech executives and researchers and reached out by email and WhatsApp. The conversations were steered toward a supposed meeting invitation, usually under an urgent pretext tied to national cyber defense, and in particular to AI-related cybersecurity efforts.
The initial messages carried no malware and no links, which helped them pass both security filters and the recipient's suspicion. Only later did the attackers send links to convincing fake Google login pages, some styled as Google Meet join screens, hosted on Google Sites. These decoys harvested credentials and two-factor authentication (2FA) codes with a React-based phishing kit that streams keystrokes to the operators over a WebSocket as they are typed (a passive keylogger), so input is captured even if the victim never submits the form.
The campaign stands out for its timing, its narrow targeting, and how quickly it stands up new infrastructure. Each fake site reproduces the look of the real service closely enough to survive a quick glance. With the conflict ongoing, Educated Manticore pairs AI-generated content with social pressure to push Israeli professionals into handing over their accounts.
What Undercode Say: 🧠 Deep Dive Analysis
Geopolitical Cyber Warfare in Real Time
This campaign reflects a shift in how state actors run cyber operations: psychological manipulation, AI-generated content, and geopolitical leverage are combined into one workflow. The goal is not just to steal a password; it is to take over trusted accounts and use them as a foothold into the networks and contacts behind them.
The Sophistication of Educated Manticore
This is no ordinary hacking crew. Educated Manticore hosts its lures on a legitimate platform (Google Sites) and delivers them over channels people already trust (WhatsApp, email), so domain reputation alone offers little protection. Its phishing kits are built as React single-page applications that exfiltrate over WebSockets: there is no classic form POST to a suspicious domain for a proxy or mail gateway to flag, and because the page is rendered client-side, static URL scanners see little of the actual login form.
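The two traits described above (a login lure hosted on sites.google.com, and a WebSocket opened from that page to attacker infrastructure) are what a defender can hunt for in proxy logs. The following is an added detection sketch, not code from the Check Point report or from the phishing kit; the log format, the Google host allowlist, the lure keywords, and the sample log lines (including the 203.0.113.10 exfiltration host) are all constructed for the demo.

```python
"""Detection sketch for a Google Sites-hosted credential lure with WebSocket
exfiltration, as described in the article.

Constructed example: the log format, the host allowlist and the lure keywords
are assumptions for the demo, not indicators from the Check Point report.
Each log line is:  <timestamp> <client-ip> <method> <url> <referer> <upgrade>
"""
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log: client 10.0.0.7 opens a "Meet sign-in" page on
# sites.google.com, then its browser opens a WebSocket to an IP outside Google
# with that page as referer. Client 10.0.0.9 is benign Google Sites / Meet use.
SAMPLE_LOG = """\
2025-06-18T09:12:01Z 10.0.0.7 GET https://sites.google.com/view/meet-join-now/signin - -
2025-06-18T09:12:03Z 10.0.0.7 GET https://fonts.gstatic.com/s/roboto.woff2 https://sites.google.com/view/meet-join-now/signin -
2025-06-18T09:12:05Z 10.0.0.7 GET https://203.0.113.10/ws https://sites.google.com/view/meet-join-now/signin websocket
2025-06-18T09:15:44Z 10.0.0.9 GET https://sites.google.com/view/team-offsite-photos - -
2025-06-18T09:16:02Z 10.0.0.9 GET https://meet.google.com/abc-defg-hij - -
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<referer>\S+) (?P<upgrade>\S+)$"
)
# Path fragments that suggest a login/meeting lure rather than an ordinary site.
LURE_WORDS = ("signin", "login", "meet", "account", "verify", "auth")
# Hosts that legitimately serve Google pages; a WebSocket from a Google Sites
# page to anything else is the exfiltration channel the kit needs.
GOOGLE_SUFFIXES = (".google.com", ".gstatic.com", ".googleapis.com", ".googleusercontent.com")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def host_of(url):
    """Lower-cased hostname of a URL, or '' for the '-' placeholder."""
    return (urlsplit(url).hostname or "") if url != "-" else ""


def is_google_infra(host):
    return host == "google.com" or host.endswith(GOOGLE_SUFFIXES)


def looks_like_lure(url):
    """Google Sites is a legitimate host, so the signal has to come from the path."""
    parts = urlsplit(url)
    return parts.hostname == "sites.google.com" and any(w in parts.path.lower() for w in LURE_WORDS)


def detect(log_text, window=timedelta(minutes=5)):
    """Scan log lines; return findings in log order.

    A lure-looking Google Sites page is 'medium'. A WebSocket upgrade from the
    same client, referred by sites.google.com, to a non-Google host within
    `window` of that page is 'high': that is the kit's keystroke channel.
    """
    findings = []
    last_lure = {}  # client -> (timestamp, lure url)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        client, url, ts = rec["client"], rec["url"], rec["ts"]
        if looks_like_lure(url):
            last_lure[client] = (ts, url)
            findings.append({"client": client, "severity": "medium",
                             "reason": "google-sites page with login/meeting lure path", "url": url})
        elif rec["upgrade"].lower() == "websocket":
            lure = last_lure.get(client)
            if (host_of(rec["referer"]) == "sites.google.com"
                    and not is_google_infra(host_of(url))
                    and lure is not None and ts - lure[0] <= window):
                findings.append({"client": client, "severity": "high",
                                 "reason": "websocket from google-sites lure to non-google host",
                                 "url": url, "lure": lure[1]})
    return findings


if __name__ == "__main__":
    for f in detect(SAMPLE_LOG):
        print(f["severity"].upper(), f["client"], f["reason"], f["url"])
```

The "medium" finding on its own will produce noise, since real Google Sites pages can have "meet" or "account" in their path; the correlation with an outbound WebSocket is what turns it into something worth paging on. In a real deployment the keyword list and allowlist would be tuned to the organisation's own traffic.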
Why This Campaign Works
The timing is deliberate. The Iran-Israel conflict has raised tensions, and urgency-based social engineering, such as a request for emergency help with a national AI cybersecurity effort, lands far better when the backdrop makes the request plausible. The campaign uses real-world events to lower the target's guard and raise response rates.
AI and Phishing: A Dangerous Combo
AI cuts both ways. Defenders use it to spot anomalies; attackers use it to generate fluent, natural-sounding messages in the target's language and register. That defeats filters and training that key on the clumsy grammar and templated phrasing of older lures, and it is enough to fool even trained cybersecurity professionals.
Trust-Based Exploitation
Unlike older attacks that led with a malicious attachment or a crude link, this operation emphasizes relationship building. It is a long game: the malicious link is shared only after trust has been established, which makes the victim far more likely to follow it and log in.
The Dual Threat of 2FA Harvesting
By capturing the 2FA code along with the credentials, the phishing kit defeats the very layer meant to protect an account whose password has leaked. A one-time code is only useful if the attacker submits it to the real service while it is still valid, which is why the kit streams input in real time rather than collecting it for later. This works against any second factor the user can type or read out: SMS codes, authenticator-app TOTP codes, and codes from email. It does not work against phishing-resistant factors such as FIDO2 security keys and passkeys, because the signature they produce is bound to the origin the browser actually loaded, and a signature made on the phishing page is rejected by the real service.
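The following added example, which is not code from the Check Point report or from the phishing kit it describes, models both halves of that point: a relayed TOTP code is accepted by the real service as long as it arrives within the time step, while a passkey-style assertion signed over the phishing origin is rejected. The TOTP seed, the origins, the challenge, and the HMAC stand-in for the authenticator's signature are all constructed for the demo.

```python
"""Why a harvested one-time code still logs the attacker in, and why an
origin-bound passkey does not.

Added example, not code from the Check Point report or from the phishing kit
it describes. The TOTP secret, origins, challenge and the HMAC-based stand-in
for the authenticator's signature are all constructed for the demo.
"""
import hashlib
import hmac
import json
import struct

# Assumption: the victim's enrolled authenticator-app seed.
TOTP_SECRET = b"constructed-demo-seed-do-not-reuse"
STEP = 30  # seconds per RFC 6238 time step


def totp(secret, unix_time, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1 and dynamic truncation."""
    counter = struct.pack(">Q", int(unix_time) // STEP)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = (struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF) % (10 ** digits)
    return f"{code:0{digits}d}"


class TotpService:
    """The real login service: accepts the current step and one step of clock drift."""
    def __init__(self, secret):
        self.secret = secret

    def verify(self, code, now):
        return any(hmac.compare_digest(code, totp(self.secret, now - drift)) for drift in (0, STEP))


def relay_attack(victim_typed_code, service, now, relay_delay=5):
    """The kit streams the code to the operator, who submits it to the real
    service a few seconds later. The service cannot tell who typed it."""
    return service.verify(victim_typed_code, now + relay_delay)


# ---- Origin-bound second factor (WebAuthn-style, simplified) ----

def _sign(key, data):
    # Stand-in for the authenticator's asymmetric signature over the client data.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


class Passkey:
    """The browser, not the user, writes the origin it loaded into clientDataJSON;
    the authenticator signs over it, so the phishing page cannot lie about it."""
    def __init__(self, key):
        self.key = key

    def get_assertion(self, challenge, browser_origin):
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": browser_origin},
            sort_keys=True)
        return client_data, _sign(self.key, client_data.encode())


class PasskeyRelyingParty:
    """The real service: checks origin, challenge and signature, in that order."""
    def __init__(self, origin, key):
        self.origin, self.key = origin, key

    def verify(self, client_data, signature, expected_challenge):
        data = json.loads(client_data)
        return (data["origin"] == self.origin
                and data["challenge"] == expected_challenge
                and hmac.compare_digest(signature, _sign(self.key, client_data.encode())))


def passkey_relay_attack(rp, passkey, phishing_origin, challenge):
    """Attacker fetches a real challenge, shows it on the fake page, and relays
    whatever the victim's authenticator returns. Returns the RP's decision."""
    client_data, sig = passkey.get_assertion(challenge, phishing_origin)
    return rp.verify(client_data, sig, challenge)


if __name__ == "__main__":
    now = 1_750_000_000
    svc = TotpService(TOTP_SECRET)
    code = totp(TOTP_SECRET, now)
    print("TOTP relayed within the step accepted:", relay_attack(code, svc, now))
    print("TOTP relayed two minutes late accepted:", relay_attack(code, svc, now + 120))
    key = b"constructed-passkey-private-key"
    rp = PasskeyRelyingParty("https://accounts.google.com", key)
    pk = Passkey(key)
    print("Passkey from real origin accepted:",
          rp.verify(*pk.get_assertion("c0ffee", "https://accounts.google.com"), "c0ffee"))
    print("Passkey relayed from phishing origin accepted:",
          passkey_relay_attack(rp, pk, "https://sites.google.com", "c0ffee"))
```

The origin check is the whole difference: the TOTP service has no way to learn where the code was typed, whereas the passkey relying party sees the origin the victim's browser recorded and can refuse an assertion produced on a page it does not own, without the user having to notice anything.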
Technical Infrastructure & Agility
Rapid stand-up of new phishing pages and domains, and quick replacement of any that get taken down, point to an organized, well-resourced operation. The team adapts faster than takedown processes move, and its pages mirror the legitimate services closely.
Professional Community at Risk
The choice of targets—cybersecurity experts, professors, and journalists—is telling. These individuals not only hold sensitive data but also influence public discourse and national security. Compromising them offers both tactical and strategic gains.
WhatsApp as a Weapon
Using WhatsApp taps into informal communication habits. People are less cautious in a mobile chat app than in their inbox, and messages there bypass the organisation's email security stack entirely, which makes it an ideal channel for delivering a seemingly urgent request.
Implications for Israeli Cybersecurity
With this level of deception, Israeli cybersecurity must address both the technical and the psychological sides of defense. The traditional perimeter is not enough: practical measures include phishing-resistant MFA (FIDO2 keys or passkeys) for high-value accounts, verifying unexpected meeting invitations through a second channel, and treating a login page reached from a chat link with suspicion regardless of how legitimate the hosting domain looks.
✅ Fact Checker Results
Check Point attributes the phishing campaign to Educated Manticore, which it links to the IRGC.
The fake login pages closely replicate Google's interfaces, increasing success rates.
The kit is built on modern web technology (a React single-page app with WebSocket exfiltration) and captures credentials and 2FA codes in real time.
🔮 Prediction: What’s Next?
The tactics deployed by Educated Manticore will likely spread beyond Israeli targets as geopolitical tensions ripple outward. With AI-generated social engineering becoming more convincing and phishing kits becoming more capable, we expect a global rise in targeted attacks on tech professionals, researchers, and policy influencers, and more AI-driven deepfake phishing across industries, not only in wartime but also for corporate and political espionage.
References:
Reported By: thehackernews.com