Security News > 2020 > January > Targeted Phishing Campaign Leverages Death of Iranian General Qasem Suleimani
The campaign was using the heightened tension in the region following the killing of Iranian general Qasem Suleimani at a Baghdad airport, and used emails purporting to come from the Ministry of Foreign Affairs of the Kingdom of Bahrain, Saudi Arabia, and the United Arab Emirates.
The use of legitimate public services in malware attacks is a growing trend among attackers.
This is not an attack technique that has been associated with Iranian actors in the past, and is part of the reason that Blue Hexagon does not believe the campaign - despite the phishing lure - has any direct link to Iran.
The countries targeted can be called regional allies of the U.S.; and are exactly the countries that usually suffer from Iranian 'revenge' attacks against the U.S. The document attached to the emails shows images of Suleimani and Iran's traditional 'red flag of revenge'.
Despite Blue Hexagon's belief that Iran is not involved with the attack, it is worth noting that motivation for the campaign is difficult.