National Digital Agency exposes ‘SpearSpecter,’ a cyber espionage campaign linked to the IRGC, using WhatsApp lures, impersonation and a PowerShell backdoor to target senior defense and government figures The National Digital Agency has uncovered a sophisticated and unprecedented Iranian cyber espionage campaign, codenamed “SpearSpecter,” attributed to a known Iranian threat group linked to the Islamic Revolutionary Guard Corps’ intelligence organization (IRGC-IO). The group—also operating under names such as APT42 and CharmingCypress—has shifted tactics, moving away from broad, indiscriminate cyberattacks to highly targeted espionage based on advanced social engineering. 2 View gallery Members of Iran’s Islamic Revolutionary Guard Corps (IRGC) operate at computer stations in an undated image (Photo: Screengrab) In a briefing with cyber researcher Shimi Cohen and Nir Bar Yosef, head of the agency’s cyber unit, officials revealed that the campaign systematically targets high-value individuals in Israel’s defense and government sectors, as well as their family members. “This campaign marks a significant evolution,” said Bar Yosef. “Cyberattacks are becoming more personal and resource-intensive. It’s not just about stealing passwords anymore—it’s about gaining long-term, persistent access to specific targets.” The attackers invest days or even weeks building what appear to be legitimate personal or professional connections with their targets. Common
Read More









