By Maryam Manzoori | 2024-12-13

An apparent Iranian attempt to lure two Israeli government ministers to a ceremony in New York via fraudulent email invitations has been disrupted and exposed as a likely intelligence-gathering scam, security officials said.

Israel's national resilience minister Yitzhak Wasserlauf became suspicious after he and heritage minister Amichai Eliyahu received invitations from a "rabbi" to an event in New York, with travel and accommodation arrangements included.

The invitations, purporting to be from the New York-based Chabad movement, contained details about the supposed participation of prominent Jewish figures.

Investigators found the invitation to be fraudulent, and concluded that Iran-linked elements had likely orchestrated the operation to gather intelligence or establish contact with senior Israeli officials.

The failed cyber campaign is a move right out of the Islamic Republic's playbook -- part of a broader campaign of digital warfare that follows a pattern of Iranian intelligence activities.

In November, Rabbi Zvi Kogan, a Chabad emissary in the United Arab Emirates (UAE), was abducted and killed by what authorities believe was an Iranian-linked terror cell.

In 2020, US-based Iranian-German software developer and political activist Jamshid Sharmahd was abducted during a UAE stopover and taken to Iran via Oman.

Iranian authorities executed Sharmahd in October.

Terror campaigns

Iran has increased recruitment of individuals from former Soviet republics for activities ranging from terrorist attacks to intelligence gathering, according to the Algemeiner Journal.

Iranian cyber operations have grown sophisticated, employing methods including fake job offers, government agency impersonation, financial proposals and academic conference invitations.

"Iranian phishing attacks have become more targeted and tailored to the victims' areas of interest," said Israel National Cyber Directorate (INCD) technological defense division chief Tom Alexandrowicz.

INCD has identified at least 15 distinct Iranian cyberattack campaigns since October 2023, each involving thousands of targeted emails to private and public sector entities.

Groups such as "Black Shadow" and "MuddyWater" are operating under the Iranian regime, sometimes through Tehran-based private companies, Ynet reported.

"During the last 45 years, the regime quietly continued to recruit in the world to perform its terror campaigns, whether it is threatening Iranian dissidents or foreign enemies of the regime," said a Los Angeles-based Iranian artist.

The Islamic Republic has been suppressing people inside Iran and threatening them abroad, said the artist, who asked that her name not be used.

"The regime has no shame," she added. "Each time the security services of countries like the United States, Canada and Israel provide evidence that Tehran has a hand in performing terror activities, Iranian regime officials deny it."

"We don't believe their empty words. They are a source of darkness and bring shame to the Iranian people," she said.