Hackers are targeting Israelis with spyware disguised as a smartphone application that mimics a popular emergency alert service in a new cyber espionage campaign.
This is according to a new cybersecurity report released by Swiss cybersecurity firm Acronis on Friday.
The cyber espionage campaign, uncovered in the aftermath of recent US and Israeli strikes on Iran, attempts to trick users into installing a malicious Android app by sending text messages that appear to come from the Israel Defense Forces’ Home Front Command.
What they are saying
According to researchers at Acronis, the fraudulent messages urge recipients to download what is presented as an updated version of the official “red alert” application, which is used to warn residents about imminent rocket attacks.
- According to the report by Acronis’ threat research unit, anyone who follows the instructions and installs the fake app inadvertently downloads spyware onto their device.
- The malicious application can secretly track precise location data and extract sensitive information stored on the device, including text messages, passwords, and contact lists.
- The researchers warned that the operation exploits public trust in emergency alert infrastructure during periods of heightened conflict.
The hackers behind the campaign are believed to be connected to Arid Viper, a threat actor previously linked to espionage activities targeting Israeli military personnel and individuals in Egypt and Palestine.
Acronis described the group as “a capable and well resourced threat actor operating with clear objectives,” adding that the campaign demonstrates how cyber attackers can weaponise trusted digital tools during geopolitical crises.
Get up to speed
Cyber espionage reinforces the use of technology in the ongoing U.S.-Israel versus Iraq war.
Earlier reports revealed that Israel allegedly infiltrated Iran’s traffic camera network for years to monitor Ayatollah Ali Khamenei and other senior Iranian officials ahead of his assassination on Saturday.
- According to a Financial Times report citing Israeli intelligence sources, nearly all traffic cameras in Tehran had been compromised, with footage encrypted and transmitted to servers in Tel Aviv and southern Israel as part of a broader intelligence operation involving cyber intrusion, human assets and advanced data analytics.
- According to the publication, one current Israeli intelligence official described how detailed surveillance allowed analysts to detect even minor irregularities in daily routines, saying “we knew Tehran like we know Jerusalem.”
The report said one camera provided a clear vantage point of where bodyguards and drivers attached to senior officials parked their vehicles, enabling intelligence officers to build a detailed “pattern of life” profile around Pasteur Street in Tehran, where key government institutions are located and where Khamenei was killed.
What you should know
Separately, cybersecurity firm Check Point Software Technologies reported on Wednesday that attackers had also attempted to breach surveillance camera systems in Israel and other countries across the Middle East.
Several hacking groups believed to be aligned with Iran have claimed responsibility for cyberattacks on Israeli companies and government agencies in recent days.
Despite the heightened activity, cybersecurity analysts say digital attacks have not yet played a decisive role in the ongoing conflict, which escalated after US and Israeli forces launched strikes on Iranian targets on February 28.








