Iranian APT35 Launches AI-Powered Phishing Attacks Targeting Israeli Tech Experts
A new wave of highly sophisticated phishing campaigns, attributed to the Iranian state-backed hacker group APT35, is targeting Israeli technology professionals, according to cybersecurity experts tracking the group’s activities.
APT35, also known as “Charming Kitten,” has reportedly integrated artificial intelligence into its phishing operations, enabling the group to craft hyper-personalized lures and mimic legitimate communications with alarming accuracy. The campaigns focus on stealing credentials, particularly through convincingly fake Gmail login pages and techniques designed to bypass two-factor authentication (2FA).
Security researchers from multiple threat intelligence firms have confirmed that these AI-enhanced attacks mark a significant escalation in APT35’s capabilities. “This is not just a spray-and-pray phishing operation,” said one analyst. “They are using AI models to generate contextually relevant messages that appear to come from trusted sources—former colleagues, industry experts, or even Israeli government officials.”
Fake Gmail Pages and 2FA Circumvention
Victims are typically lured through LinkedIn messages or email invitations to webinars and security briefings, often impersonating legitimate figures in Israeli defense or tech sectors. Once engaged, targets are redirected to cloned Gmail login portals nearly indistinguishable from the real interface.
What makes this campaign particularly dangerous is its method for bypassing 2FA. Experts report that APT35 deploys real-time phishing kits capable of intercepting authentication tokens. “These kits act as middlemen,” said a spokesperson for a cybersecurity defense firm. “As soon as a user enters their credentials and 2FA code, it’s instantly relayed to the attackers—who then gain access before the session expires.”
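The relay described above, seen from the login server's side, as an added example that is not part of the original article: a TOTP code carries no record of where it was typed, while a WebAuthn assertion names the origin the browser was on. The origins, secret and challenge are constructed placeholders, and the assertion signature check that a real relying party performs is omitted.

```python
import base64, hashlib, hmac, json, struct

EXPECTED_ORIGIN = "https://accounts.example.com"  # assumption: the genuine login origin

def totp(secret, t, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1."""
    counter = struct.pack(">Q", t // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify_totp(secret, submitted, t):
    # The server sees six digits only; nothing records which site they were typed into.
    return hmac.compare_digest(totp(secret, t), submitted)

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def check_client_data(client_data_json, expected_challenge):
    """Relying-party checks on WebAuthn clientDataJSON (signature check omitted)."""
    cd = json.loads(client_data_json)
    if cd.get("type") != "webauthn.get":
        return False, "wrong type"
    if cd.get("challenge") != b64url(expected_challenge):
        return False, "challenge mismatch"
    # The browser, not the page, fills in origin, and the authenticator signs over it.
    if cd.get("origin") != EXPECTED_ORIGIN:
        return False, "origin mismatch: " + str(cd.get("origin"))
    return True, "ok"

def demo():
    """Constructed inputs: same user, once direct and once via a lookalike page."""
    secret, now = b"constructed-shared-secret", 1_700_000_000
    challenge = b"constructed-server-challenge"
    code = totp(secret, now)                       # typed into the lookalike page
    relayed = verify_totp(secret, code, now + 5)   # forwarded within the same 30 s step
    def client_data(origin):
        return json.dumps({"type": "webauthn.get", "challenge": b64url(challenge), "origin": origin}).encode()
    direct = check_client_data(client_data(EXPECTED_ORIGIN), challenge)
    proxied = check_client_data(client_data("https://accounts.example-login.test"), challenge)
    return relayed, direct, proxied

if __name__ == "__main__":
    print(demo())
```

The forwarded TOTP code verifies because it is valid wherever it is submitted within its time step, while the assertion produced on the lookalike origin is rejected at the origin check.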
Strategic Espionage Motive
APT35’s campaign appears to be part of a broader intelligence-gathering effort focused on Israeli tech companies, cybersecurity researchers, and defense contractors. These efforts align with Iran’s geopolitical objectives and its long-standing cyber-espionage campaigns against perceived adversaries in the region.
The Israeli National Cyber Directorate has issued a bulletin urging heightened vigilance, particularly among professionals working in sensitive sectors. “These attacks are targeted, adaptive, and increasingly difficult to detect,” the statement reads. “We urge organizations to implement phishing-resistant multi-factor authentication methods and increase staff awareness through continuous security training.”
Global Implications
The use of AI by nation-state threat actors is a harbinger of what experts warn could be the next evolution in cyber warfare. With tools like generative text models and deepfake media becoming more accessible, the line between legitimate and malicious communication is increasingly blurred.
“This is a warning to the global cybersecurity community,” said Dr. Lior Matalon, a cybersecurity policy advisor. “We are witnessing the convergence of AI and cyber-espionage in a way that challenges traditional defenses.”
Key Takeaways:
Experts urge implementation of phishing-resistant MFA and user education.
Iranian APT35 is deploying AI to conduct targeted phishing attacks.
Campaigns focus on Israeli tech and defense professionals.
Tactics include fake Gmail pages and advanced 2FA bypass methods.