Cyber firm links worldwide phishing campaign to Iran-backed hackers
Singapore-based cybersecurity company Group-IB says hackers tied to Iran carried out a sophisticated global phishing campaign to steal sensitive data from international organizations.
In a detailed report released Wednesday, the firm accused MuddyWater of using compromised email accounts and legitimate internet tools to make its messages appear authentic.
“The incident underscores how state-backed threat actors continue to exploit trusted channels of communication to evade defenses and infiltrate high-value targets,” Group-IB said in a statement.
The attackers reportedly gained access to a corporate email account through NordVPN, a popular virtual private network service, and used it to send fake messages to multiple targets worldwide.
These emails contained malicious Microsoft Word attachments disguised as genuine correspondence.
When recipients opened the files, they were prompted to “enable content” — a step that secretly triggered harmful code. The code then installed malware known as the Phoenix backdoor, allowing the hackers to remotely control infected computers, collect data, and conduct further spying activities.
“By exploiting the trust and authority associated with legitimate correspondence, the campaign significantly increased its chances of deceiving recipients,” the firm added.
Group-IB said it linked the attack to MuddyWater with “high confidence,” based on the technical tools and methods used.
The Phoenix backdoor identified in this operation was version 4 of the malware, suggesting continued development by the group.
MuddyWater has been active since at least 2017 and is believed to operate under Iran’s Ministry of Intelligence and Security.
The group has previously targeted government agencies, energy firms, and telecommunications companies across the Middle East, Europe and North America.
Iran was behind a cyberattack on a hospital in central Israel earlier this month that led to a leak of patient data, Israel's National Cyber Directorate said, describing it as part of a broader wave of Iran-backed operations targeting Israeli institutions.
The attack took place on October 2, the Jewish Day of Atonement known as Yom Kippur, when much of the country was shut down for the holiday.
“Among the bodies that were attacked in the wave of Iranian attacks were Shamir Medical Center (Assaf Harofeh), where the attackers tried to interfere with hospital operations, without success,” said Yosi Karadi, head of the directorate, in a statement.
“In the case of Shamir Medical Center, beyond the data leak, the very attempt to damage an Israeli hospital means a red line has been crossed, which could have led to an attack on human life,” Karadi added.
The hospital is a government-run medical complex in Be’er Yaakov, southeast of Tel Aviv, and one of Israel’s largest, serving patients from across the central region.
Karadi said the incident was contained “quickly and efficiently” thanks to coordination among government agencies.
The directorate said the breach was part of a broader pattern of Iranian cyber activity aimed at Israeli government bodies and private companies. It said hackers used stolen usernames and passwords to gain access to systems.
The agency said there had been at least 10 such cyberattacks.
“Over the course of recent weeks, the National Cyber Directorate has identified a trend of a wave of cyberattacks against companies that offer computer services to many companies in the economy,” the statement added.
Israeli authorities had initially blamed a Russian-speaking hacker group called Qilin, which reportedly demanded a $700,000 ransom, before investigators said they traced the operation to Iranian sources.
Earlier this year, Israel’s deputy cyber defense chief said cyberattacks against the country had tripled since its war with Hamas began on October 7, 2023, with Iran and its allied groups, including Hezbollah, intensifying their hacking efforts.
Since the ceasefire between Iran and Israel in June that ended the 12-day war, nearly 450 cyberattacks have targeted Israeli institutions, many traced to hacker groups aligned with Iran, cybersecurity experts told Iran International in early July.
Iran holds enough uranium to build ten nuclear weapons if it chose to enrich further, the UN atomic watchdog chief warned on Wednesday, but stressed that there was no sign Tehran seeks atomic arms.
In an interview with Swiss daily Le Temps, Rafael Grossi said Iran’s stockpile includes roughly 400 kilograms of uranium enriched to 60 percent, just short of weapons-grade.
“If it went further, Iran would have enough material for roughly ten nuclear bombs,” he added. “But we have no evidence that Tehran intends to build one.”
US President Donald Trump and Israeli Prime Minister Benjamin Netanyahu asserted that Tehran had resolved to race toward building nuclear weapons after they launched attacks on nuclear sites in a 12-day war in June.
The characterization appeared to contradict prior public US intelligence assessments. Iran denies seeking nuclear weapons.
Asked how badly the Israeli and American strikes damaged Iran’s nuclear program in June, Grossi said the damage to key sites in Isfahan, Natanz and Fordow was "severe."
Fear of renewed conflict
Tehran and the IAEA have yet to agree on how to resume the UN body's inspection of nuclear sites bombed by the United States and Israel.
“For now, Tehran is only allowing inspectors in dribs and drabs. It’s imposing limits out of security concerns – which I understand. But if diplomacy fails, I fear a renewed resort to force,” International Atomic Energy Agency (IAEA) director general Rafael Grossi said.
The conflict paused their activities and while an agreement was reached in September on a framework for restored cooperation, little progress has been made since.
Iran denies seeking nuclear weapons and has accused Western countries of instrumentalizing a technical dispute with the IAEA to deploy onerous sanctions.
Grossi, a veteran UN technocrat, is widely seen as interested in becoming the global body's next secretary-general.
He added that while US President Donald Trump speaks of “obliteration,” Iran’s technical know-how has not vanished.
Urging diplomacy
Grossi said inspections must resume to be certain, adding that the agency believes most of the highly enriched uranium remains at Isfahan, Natanz, and Fordow.
He said he is confident in the agency’s assessment because inspectors visited those facilities shortly before the Israeli strikes and have since monitored them through satellite imagery.
“Countries tracking Iran’s program have reached the same conclusions as we have,” he said.
Grossi added that despite the escalation of regional tensions, Iran’s decision to remain within the international framework shows it still seeks a diplomatic route.
“After the twelve-day war, Iran could have cut ties with the international community, withdrawn from the Non-Proliferation Treaty, and become a pariah state like North Korea. It didn’t,” he said.
He commended that decision and said he continues to maintain diplomatic contact with foreign minister Abbas Araghchi.
“I’m maintaining diplomatic space by keeping regular contact with foreign minister Abbas Araghchi,” Grossi said.
Iran must rely on both its missile capabilities and diplomacy to safeguard national interests, the country’s foreign ministry spokesman said on Wednesday, emphasizing that resistance and engagement are complementary pillars of its foreign policy.
Iran faces stark economic and geopolitical challenges as a lingering impasse over its nuclear program led to the resumption of European-triggered international sanctions last month.
Western countries have called for Tehran to engage in renewed diplomacy with Washington and to restore access for international nuclear inspectors.
Speaking at a seminar on “resistance diplomacy” at Ferdowsi University in Mashhad, Esmail Baghaei said: “We must use all tools to protect the country’s rights -- whether through missiles or diplomacy and negotiation.”
“The concept of resistance has now evolved and taken the form of resilience,” he said, adding that Iran’s approach combines self-reliance with international engagement.
His comments appeared to strike a relatively moderate tone, two days after Iran's ultimate decision-maker Supreme Leader Ali Khamenei appeared to reject a peace overture by President Trump and deployed sharp language at his nemesis.
The 86-year-old veteran ruler called Trump's repeated assertions that US attacks on June 22 had obliterated Iran's nuclear program "nonsense" and in a rare direct address to a US President told him to "keep dreaming."
Khamenei appeared to rule out renewed talks, calling reported US demands for curbs to Iranian missile ranges and Tehran's support for regional armed groups bullying and a
Baghaei said Iran faces powerful adversaries but remains capable of shaping developments within the international system.
“Our opponents invoke international law to justify their actions, so we must also rely on the same law to prove our rights,” he said. “Resistance diplomacy must be seen as an active instrument to secure national interests.”
He defended Tehran’s stance in the wake of the UN sanctions snapback mechanism, saying that Western powers had expected immediate compliance but were surprised by global resistance to reimposing restrictions.
Addressing Iran’s backing of allied groups in the region, Baghaei rejected the notion that Tehran created “proxy” groups.
“We did not create them,” he said. “The issues of Palestine and Lebanon did not begin in 1979 (when the Islamic Republic was established). These movements existed long before, and we have supported them based on our constitutional and strategic principles.”
Baghaei added that Iran’s support is “based on a defined framework” and that “to prevent harm, we must build allies within the international system.”
He said the resilience of such movements is enduring despite repeated attempts to weaken them.
“After two years, those who claimed resistance was finished end up sitting at the same table with them,” he said. “The foundations of resistance are deeply rooted and cannot be easily destroyed.”
Baghaei also defended Iran’s record on diplomacy, citing past cooperation with global institutions and negotiations with Washington.
He recalled that after the US withdrawal from the 2015 nuclear deal, Iran “remained committed for months” before gradually reducing compliance.
He also noted that indirect talks with the United States had taken place under both Trump and Biden but collapsed due to continued sanctions and regional tensions.
“When one side plans an attack and then invites you to a meeting, how can you attend such a session?” he said, referring to recent incidents.
Hezbollah is relying more on its overseas financial networks as Iran faces economic strain, US experts told a Senate hearing on Tuesday, warning that the group could deepen its activities in Venezuela and across Latin America.
“Hezbollah has a long history of turning to its diaspora networks when it’s facing financial stress,” analyst Matthew Levitt said.
He told senators that while Iran continues to support the group, “it is having a much harder time getting that money to Hezbollah in a timely manner.”
Lawmakers described Venezuela as a growing hub for Hezbollah’s drug and finance operations.
Senator Sheldon Whitehouse, the top Democrat on the Senate International Narcotics Control Caucus, said the group “is one of Iran’s tools to destabilize and terrorize,” adding that “if we target Hezbollah’s financing, we can deny them the opportunity to rebuild.”
Levitt said Hezbollah has operated in Latin America for nearly five decades, cultivating ties with traffickers and using illicit trade networks to move money.
“If you need big money real fast, you turn to illicit activities and especially to narcotics trafficking,” he said.
Several senators urged a tougher US response to Venezuela’s cooperation with Iran.
Senator Bernie Moreno said the Maduro government’s actions “meet the legal standard” to be labeled a state sponsor of terrorism and warned that “Maduro should know his days are numbered.”
Witnesses also called on Latin American governments to follow the lead of Argentina, Colombia, and Paraguay in designating Hezbollah as a terrorist organization, saying it would help disrupt its financial activity and weaken Tehran’s influence in the region.
Ali Shamkhani, a senior advisor to Supreme Leader Ali Khamenei, warned on Wednesday that internal divisions could damage Iran’s stability, speaking as a leaked video of his daughter’s wedding stirred anger over Iran’s ruling establishment.
In an interview with ISNA, Shamkhani said national cohesion was vital in the face of external pressure and domestic challenges.
“We are all in the same boat shaped by the sacrifices of the martyrs of the Islamic Revolution, and it would be a shame if our differences created weaknesses,” he said.
He urged all political groups to “act together under the leadership of the Supreme Leader,” adding that adversaries were trying to exploit divisions to harm the country.
The comments came just days after footage surfaced online showing Shamkhani escorting his daughter at a wedding ceremony in a Tehran luxury hotel.
The video, shared widely on X since mid-October, appeared to show a large, Western-style celebration and drew sharp criticism from social media users accusing officials of hypocrisy amid the country’s deepening economic crisis and renewed enforcement of hijab rules.
The wedding reportedly took place in April 2024 at Tehran’s Espinas Palace Hotel. At the time, Iranian outlets estimated the cost at about 14 billion rials (over $21,000). The family did not comment on the reports, and Shamkhani has not publicly addressed the new controversy surrounding the footage.
Shamkhani, a former secretary of Iran’s Supreme National Security Council and now a member of the Expediency Council, has long been a prominent figure in Iran’s security establishment. He also serves as the Supreme Leader’s representative in the National Defense Council.
The video has drawn reactions even from hardline circles. Some conservative commentators questioned how senior officials could call for patience under sanctions while appearing at opulent private events. Others defended Shamkhani, saying the ceremony was private and attended only by family members.
Former state broadcaster chief Ezzatollah Zarghami described the exposure as “a new method of assassination,” accusing Israel of waging psychological warfare through cyberattacks. IRGC-linked Mashregh News also said the leak aimed to “undermine an effective official,” blaming both “foreign enemies and certain domestic circles.”
The hardline daily Kayhan, which is funded by the Supreme Leader’s office, went further, accusing allies of former president Hassan Rouhani and ex-foreign minister Mohammad Javad Zarif of involvement. The paper called the release of the footage a “proxy character assassination,” saying that Shamkhani’s past criticism of Rouhani’s handling of nuclear policy had fueled political resentment.
Pro-hardline activists echoed that view online, arguing that the leak followed Shamkhani’s recent comments implicating the previous administration in the delayed acknowledgment of the 2020 downing of a Ukrainian airliner by the Revolutionary Guards.
Figures close to Rouhani have denied any connection to the leak. A source told the news outlet Khabar Online that the act was “unethical and contrary to Islamic norms.”