Iranian Hackers Catfish Israeli Cyber Geniuses With AI-Polished Lies and Google-Skinned Scam Pages

Hacker arriving in secret base with laptop, ready to start programming viruses. Scammer in criminal den opening notebook to exploit network servers and bypass security measures, camera B SSUCv3H4sIAAAAAAAAA1VUy27rNhD9lUJrC+BLpJhtN90U6AXu7qKLETmyiciiQVJJjcD/3iEl5yYBjIiHZ55nOB9d8N1LN3tEZVH3ytm5V4r5HozkvdJOcqm1sQa6U+ehYPfCpdRCyEEIRT9Gf6dughxc9/LRhWXZcklQQly7F7pJuHpM7RN9KDEFWOj0OHW5QNkyZjKjkyPfZ7pt56e/Xx8VpwR/oruscYnnO6WRt4mgP+P1thVMuXucnrR/MN4W/KT8HbLDZYEV4/aV9knoHv+eOjjj6u41i0dNd0FoSf3q1OyknIaht3JWvfIgepj10KsBqXauZzuM5ArBDjCB7FFPtlccqoGWvUHj6MMKj1OlCTYAN6wfBKfOKi/6SStquTRCM5gHhOpNejdJNyGFMlOv0NkeYB57Nk1+AOYMzppoWo3Ndz87z8jH6HpwmvUWvJmdnZQddEfFvb5Ti66tp7DG9X6tnaDaOJN85JVxCd7jWjGthWEVygWrSA2xoiJrLDjF+NpAweV4WOJ3O3RbCuXeQMZUM73E6NFXyHDBbIXegivh2liD0UOFbimeE+wYszs2J9ia4WC4lbZl62E913GqNC6at7ylNwxVZtfSMeYI847wumI+1NRMjqrCmFJMeWfqPZKL60zFrCXsdY+jZbI7ZqNUxApt+J5oeGvP4AsruxRuZfc4qL034F73PA2Txu5BfFjPzZAeVEsl3+7fnEMi7wfJ1rGo4FYf0DlF+t/qkEy0EAvcSrx9U+QKyzukXZRRWq3HQ5aE5RBlNBX660cbAskG1kTC/25LDI3DOQ2kfeoL73D/VmuCNcfrXsVomrMMUyzUqQZKo5rxRA3w8Wg0p5RlK2ZaCL9CWI4qteZ6d4Kk4pM9MtHYHmlUnvIxLfaeoSOZQj4qUkJ/qeBw+7uIt21ZMcFEEUvYXdGd3SWZl/gpSh31Q6d9sfzxdZxHKRhJRhsilksVlnYJKVIS3XbcKHqS5OsGE62flxmWjHUGct5Va8CjDY9r4drGo0VZO1m/6/vKx2Yq0b0Gf6zFfUleqNpYQ310G5UJ7UG16226hlKex0T9wvff7Mfj8T8ov+Cl4gUAAA==

A spear-phishing campaign by the Iranian-backed group Educated Manticore is targeting Israeli cybersecurity experts and university professors.

The attacks began in mid-June 2025 and exploit the ongoing Iran-Israel tensions to add urgency to their fake requests.

Hackers impersonate employees of top cybersecurity firms using convincingly professional emails and WhatsApp messages.

These bogus communications lure targets into giving cybersecurity advice for fake energy companies, a ruse that exploits trust and relevance.

The group uses AI-generated messages that are grammatically flawless and eerily formal to avoid raising suspicion.

Check Point researchers report this campaign is a major escalation in Educated Manticore’s technical prowess and strategic targeting.

Victims are funneled to spoofed Google Meet links and phishing pages designed to snatch both passwords and 2FA codes.

The malicious sites, hosted on Google Sites, mimic real authentication pages using slick React-based single-page apps.

The phishing infrastructure includes persistent WebSocket connections that transmit every keystroke in real time—even if the victim doesn’t hit “submit.”

Over 130 domains registered via NameCheap support this fast-moving scam, giving attackers the ability to swap domains quickly when flagged.

This campaign combines polished tech, psychological manipulation, and relentless infrastructure agility, marking a dangerous evolution in cyber warfare.