The National Cyber Directorate has thwarted a sophisticated Iranian cyberattack that used a fake website posing as an official mental health support service for veterans and reservists suffering from post-traumatic stress disorder, Ynet learned on Wednesday.
The fraudulent site, registered under the name nefeshhope.com, was designed to look legitimate while secretly attempting to harvest personal information and install malware on visitors’ devices. Based on the techniques and patterns observed, officials believe the operation was carried out by a known Iranian hacker group. The site has since been taken offline, but authorities warned the public to remain alert to similar attempts.
Advanced monitoring technologies allowed the Cyber Directorate to detect the site at a very early stage—before it was widely distributed or caused harm.
“This is proactive work on our part, and it underscores the importance of constant vigilance against efforts to exploit the public, especially at moments of emotional vulnerability,” said Dana Toren, head of operations at the directorate.
Officials assess the attempt may have been part of a broader campaign, and warned that attackers could try again using alternative domains, links or emotionally targeted messages.
Iranian cyber groups, including the notorious Charming Kitten (APT35), have previously run phishing campaigns, fake social media profiles and malicious apps in an effort to steal data and infiltrate the systems of civilians, security personnel and researchers. These campaigns are part of Tehran’s broader strategy of exploiting human and emotional weaknesses alongside advanced technical operations.
The directorate urged the public not to click on unfamiliar links, avoid sharing personal information with unverified sources and rely only on recognized organizations such as NATAL, the Defense Ministry or the One Soul program for psychological assistance. Suspicious activity can be reported to the Cyber Directorate’s hotline at 119.