Iranian hackers increasingly targeting politicians and journalists, UK warns
In a fresh alert, the NCSC said actors like Iran continue to "successfully use spear-phishing attacks against targeted organisations and individuals in the UK, and other areas of interest, for information gathering activity".
The NCSC, which is part of the UK cyber and intelligence agency GCHQ and gives cyber security advice to the public and industry, said that cyber attacks mainly target academia, defence and governmental organisations, NGOs and think tanks - as well as politicians, journalists and activists.
According to the report, the Iranian group - known as Charming Kitten - is not working alongside its Russian equivalent.
Before conducting an attack, Iranian hackers carefully research the interests and real-world influence their victims may have and the intelligence value they possess, the report said.
While the NCSC does not directly accuse the Iranian state of being behind the attacks, other cyber security experts have said such complexity also requires state backing.
The NCSC said its advisory aimed to "raise awareness of this activity for individuals and organisations in sectors known to be of interest to these actors".
To gain the trust of unsuspecting victims, hackers will often impersonate real contacts, sending fake invites to conferences or links to Zoom meetings.
When clicked, the links can compromise the accounts of users, allowing hackers to gain access to potentially sensitive information.
In 2021, a group of Iranian hackers, under the name of Charming Kitten and posing as British-based academics, targeted Middle East experts in the US and UK with a cyber-espionage operation.
The sophisticated campaign, called SpoofedScholars, saw hackers impersonate academics at London's School of Oriental and African Studies (SOAS) in an online espionage operation targeting academics, according to Proofpoint, a cyber security company that uncovered the hacking operation, as cited by the BBC.
The hacking group is also known as "Phosphorus" and "APT35". At the time, it was believed to have been active in conducting intelligence operations on behalf of Iran's Revolutionary Guard and to have targeted around 10 academics.