""The campaign has systematically targeted high-value senior defense and government officials using personalized social engineering tactics,""
""These include inviting targets to prestigious conferences or arranging significant meetings.""
""What's notable about the effort is that it also extends to the targets' family members, creating a broader attack surface that exerts more pressure on the primary targets.""
""One of the group's hallmarks is its ability to mount convincing social engineering campaigns that can run for days or weeks in an effort build trust with the targets, in some cases masquerading as known contacts to create an illusion of authenticity, before sending a malicious payload or tricking them into clicking on booby-trapped links.""
Activity detected in early September 2025 has been assessed as ongoing and codenamed SpearSpecter by the Israel National Digital Agency. The campaign systematically targets high-value senior defense and government officials and also reaches their family members to expand the attack surface and apply pressure. Social engineering tactics are highly personalized, including invitations to prestigious conferences or arranged meetings, and can run days or weeks to build trust, sometimes masquerading as known contacts before delivering malicious payloads or booby-trapped links. APT42 has prior public documentation dating to late 2022 with overlaps to multiple IRGC-linked clusters, and separate subgroups carried distinct campaigns in mid-2025.
Read at The Hacker News
Unable to calculate read time
Collection
[
|
...
]