Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats thehackernews.com/2025/09/i…

An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.

The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.

“Emails were sent to multiple government recipients worldwide, disguising legitimate diplomatic communication,” the company said. “Evidence points toward a broader regional espionage effort aimed at diplomatic and governmental entities during a time of heightened geopolitical tension.”

The attack chains involve the use of spear-phishing emails with themes related to geopolitical tensions between Iran and Israel to send a malicious Microsoft Word that, when opened, urges recipients to “Enable Content” in order to execute an embedded Visual Basic for Applications (VBA) macro, which is responsible for deploying the malware payload.

The email messages, per Dream, were sent to embassies, consulates, and international organizations across the Middle East, Africa, Europe, Asia, and the Americas, suggesting that the activity cast a wide phishing net. European embassies and African organizations are said to have been the most heavily targeted.