The NCSC and FBI just issued a major alert over a state-backed hacker group – here’s what you need to know
State-affiliated attackers are targeting individuals via spear-phishing techniques, according to the NCSC
The National Cyber Security Centre (NCSC) has warned that Iran-linked hackers are using social engineering to target government officials, lobbyists, and others.
In a joint advisory with the FBI, the NCSC said hackers working for Iran's Revolutionary Guard Corps (IRGC) are carrying out spear phishing attacks against people with links to Iranian and Middle Eastern affairs.
They've been impersonating victims' contacts via email and messaging platforms, thereafter asking them to share user credentials via a false email account login page. This allows the attacker to gain access to victims’ accounts, exfiltrate and delete messages, and set up email forwarding rules.
They tailor their approach on an individual basis, according to the NCSC, impersonating business associates or family members, journalists purportedly looking for interviews, conference organizers, embassy staff, and others.
"The spear-phishing attacks undertaken by actors working on behalf of the Iranian government pose a persistent threat to individuals with a connection to Iranian and Middle Eastern affairs," said NCSC director of operations Paul Chichester.
"With our allies, we will continue to call out this malicious activity, which puts individuals’ personal and business accounts at risk, so they can take action to reduce their chances of falling victim."
FBI, NCSC offer advice for potential targets
The FBI said signs to look out for include suspicious logins from foreign or domestic IP addresses; the creation of message handling rules to forward emails and prevent victims from receiving notifications of the compromise; the connection of unknown devices, applications, or accounts to a victim account; exfiltration and deletion of messages; and attempts to access other victim accounts.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Meanwhile, the NCSC is advising potential victims to follow its guidance for high-risk individuals, adding that anyone facing a higher risk of targeting due to their work or public status can sign up for two opt-in cyber defense services managed by the center.
These are an Account Registration service that alerts individuals if the NCSC becomes aware of a cyber incident impacting a personal account, and a Personal Internet Protection service that helps prevent spear-phishing by blocking access to known malicious domains.
"I strongly encourage those at higher risk to stay vigilant to suspicious contact and to take advantage of the NCSC’s free cyber defense tools to help protect themselves from compromise," Chichester said.
Back in 2019, the US Department of State designated the IRGC as a foreign terrorist organization that aimed to steal US policy information and weaken confidence in the country's electoral processes.
And alongside this alert, the FBI also said that it had indicted three IRGC cyber actors for a 'hack-and-leak' operation which stole material from the Trump presidential campaign and leaked it to the Democratic campaign in an attempt to influence the upcoming presidential election.
"The conduct laid out in the indictment is just the latest example of Iran’s brazen behavior," said FBI director Christopher Wray. "So today the FBI would like to send a message to the government of Iran – you and your hackers can’t hide behind your keyboards."
More from ITPro
- NCSC identifies China-linked botnets targeting thousands of devices worldwide
- CISA breached a federal agency as part of its red team program — and nobody noticed for five months
- The NCSC wants to know how your business is using honeypots to combat hackers
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
UK’s Cyber Resilience Pledge gathers momentum as 60 firms sign up to bolster capabilitiesNews The voluntary pledge sees organizations tightening up their defences, particularly against supply-chain attacks
-
Hostile states behind three-quarters of UK critical infrastructure attacksNews NCSC CEO warns that with the rise of AI, the danger is only set to get worse
-
NCSC urges organizations to shore up supply chain security practicesNews With attackers increasingly compromising open source packages to spread malware, organizations need to be on their guard
-
A ‘perfect storm’: NCSC chief issues warning over quantum threats, nation-state hackers, and the dangers of global ‘hacktivism’News NCSC CEO Richard Horne says nation-state attacks, AI and the looming quantum threat require stronger global collaboration
-
The NCSC says it’s time to switch to passkeysNews UK security organization calls for companies to step up and offer more secure ways to login
-
NCSC issues alert over Russian hacker campaign targeting SOHO routersNews The APT28 group has exploited vulnerable internet routers to covertly reroute internet traffic through malicious servers
-
NCSC names and shames pro-Russia hacktivist group amid escalating DDoS attacks on UK public servicesNews Russia-linked hacktivists are increasingly trying to cause chaos for UK organizations
-
The NCSC touts honeypots and ‘cyber deception’ tactics as the key to combating hackers — but they could ‘lead to a false sense of security’News Trials to test the real-world effectiveness of cyber deception solutions have produced positive results so far