ATLA WIRE

Mysterious 'SmudgedSerpent' Hackers Target U.S. Policy Experts Amid Iran–Israel Tensions

06.11.2025
Proofpoint uncovers UNK_SmudgedSerpent, an Iranian-linked group using fake Teams apps to hack U.S. experts.

Proofpoint just dropped the tea on a shady new Iranian-linked hacking crew called UNK_SmudgedSerpent that's been targeting U.S. policy experts with fake Microsoft Teams apps. This is happening right as Iran–Israel tensions are hitting peak levels — timing is sus AF.
The hackers are using sophisticated phishing tactics, creating fake Teams applications that look legit to trick targets into installing malware. Once they're in, they can steal sensitive data, monitor communications, and potentially disrupt critical policy discussions.
Proofpoint's threat intel team has linked the group to Iran based on infrastructure patterns, tooling, and targeting behavior that align with previous state-sponsored campaigns. They're specifically going after individuals involved in Middle East policy, making this a classic case of cyber espionage aimed at gathering intel during geopolitical instability.
Microsoft is aware of the campaign and has been working with Proofpoint to mitigate the threats. They've released detection updates and are advising users to verify app sources before installation. If you're in policy circles, double-check those Teams invites — no cap.
This isn't the first time Iranian groups have used collaboration tools for attacks, but the sophistication and timing show they're leveling up their game. With tensions high, expect more of these ops to pop off.