CTI Analysis: Malicious Email Campaign

In August 2025, Dream uncovered a large-scale Iran-nexus spear-phishing campaign that used a compromised mailbox at the Omani Ministry of Foreign Affairs (MFA) to target governments worldwide. Attributed to the MOIS-aligned Homeland Justice group, the operation deployed malicious diplomatic-themed emails containing macro-encoded payloads. Analysis revealed a far broader campaign than initially believed: 104 compromised accounts were used across 270 emails to disguise attribution and infiltrate embassies, consulates, and international organizations, highlighting a coordinated regional espionage effort amid heightened geopolitical tensions.