Iran carried out a sophisticated cyberattack aimed at spying on negotiations in Egypt over the return of hostages and a potential ceasefire in Gaza, according to Israeli cybersecurity firm Dream Security.
The attack, identified in August 2025, targeted the email account of Oman’s Foreign Ministry. Hackers sent messages disguised as diplomatic correspondence to roughly 200 recipients, including Egyptian officials in Cairo and Paris, alongside mediators from the United States and Qatar.
The emails contained Word documents appearing to be official letters from Oman. When opened, the files unleashed malicious code that converted into offensive cyber software designed to monitor the target, read correspondence, and record conversations.
Dream Security identified the campaign as part of a broader Iranian phishing operation attributed to the “Homeland Justice” group linked to Iran’s Ministry of Intelligence and Security. Unlike previous attacks that aimed to disrupt infrastructure or steal data, this operation focused on diplomatic communications and could have influenced the Gaza ceasefire process.
“When an authentic diplomatic channel becomes a cyber weapon, the diplomatic and cyber fronts merge into a single battlefield,” the company said.
Dream Security’s AI system mapped the attack in full, using autonomous agents to scan the open and dark web for malicious activity and perform forensic analysis connecting domains, servers, and attack infrastructure. The AI agents traced the Iranian group behind the attack, mapped the infection campaign, and exposed operational methods, potentially enabling disruption of the group’s capabilities.
“Iran’s phishing operation reflects a broader regional espionage effort targeting diplomatic and government bodies during heightened geopolitical tension,” Dream Security officials said. “Diplomatic trust has become a strategic target. Patterns mirror previous Iran-linked attacks, including a 2023 operation in Albania.”
Dream Security was founded in January 2023 by CEO Shalev Hulio, former Austrian Chancellor Sebastian Kurz as chairman, and CTO Gil Dolev. Tal Fialkov, VP of AI and Cyber, said the company’s AI agents provide unprecedented real-time mapping and analysis of state-level cyberattacks, giving countries a defensive advantage against complex threats.