
Iranian Hackers Target US Think Tank Experts in Sophisticated Phishing Campaign

Iranian hackers target US think tanks in 2025, using hybrid tactics and phishing to steal credentials via fake emails.
Content Team

Iranian government hackers launched targeted phishing attacks against prominent US think tanks between June and August 2025, impersonating influential policy experts like Brookings Institution's Suzanne Maloney. The mysterious group, dubbed "UNK_SmudgedSerpent" by Proofpoint researchers, sent fake collaboration emails to 20 think tank members, later directing victims to credential-stealing Microsoft 365 login pages disguised as OnlyOffice or Teams links.

What makes this campaign unusual is how it blends tactics from multiple known Iranian hacking groups. The phishing approach mirrors Charming Kitten's methods, and the infrastructure resembles TA455's setup. UNK_SmudgedSerpent is also the only Iranian group besides MuddyWater known to use remote monitoring software. This hybrid approach suggests possible reorganization, collaboration, or resource-sharing between Iran's cyber units.

Source: Dark Reading
