An Iranian activist exposed a phishing campaign targeting high-profile users in the Middle East, aiming to steal Gmail and WhatsApp credentials. The hackers used a fake website to capture sensitive information and potentially conduct surveillance on victims. The campaign's timing suggests possible ties to government-backed espionage efforts.

Stormshield's CTI team discovered servers linked to APT35, an Iranian APT group known for phishing campaigns. The team provided insights on how to identify these servers, highlighting ongoing phishing tactics targeting various sectors, particularly in Israel. They shared specific indicators of compromise and methods for tracking related domains.