Mandiant says the primary motive for the operation appears to be helping the Iranian government identify Iranians who may cooperate with Israel.

The group may have been seeking insights on shifting European sentiments on Ukraine, threat analysts suggest.

Targets of the operation were given phony coding challenges that delivered a range of malware including a previously-unseen backdoor.

A persona dubbed Sara Shokouhi recycled photos of a Russian psychologist and tarot card reader to pose as a Middle East-focused researcher

The tactic linked to an Iranian group creates the impression the email activity is real by employing a phenomenon known as "social proof."

APT29, one of the SVR's most active and successful hacking groups, has been using the cloud service to help deliver malware, the researchers said.

Volexity believes, with moderate confidence, that Cozy Bear is behind the spearphishing campaign with an election fraud lure.

The tool is the latest evidence that the hacking economy is a commodity market.

It was not immediately clear who was responsible, but the German parliament is a perennial cyber-espionage target.

In some attacks, the hackers attempted to steal credentials from employees at Walgreens.