Iranian government-linked actors have been hacking individuals in key sectors of U.S. allies by offering them fake jobs, according to an Israeli cybersecurity firm.
On Tuesday, a report published by Tel Aviv-based ClearSky Cyber Security identified a campaign it dubbed “Iranian Dream Job,” which had targeted the aerospace, aviation and defense industries of countries including Israel, the UAE, Turkey, India and Albania.
According to ClearSky, hackers have posed as recruiters on LinkedIn since at least September 2023, approaching targets with lucrative, and seemingly legitimate, job offers.
These profiles, associated with fake employers such as Careers 2 Find, distribute malware to victims, which, once downloaded, allows the hackers to access systems and steal sensitive data.
ClearSky identified the group involved as TA455, also known by Google-owned cybersecurity firm Mandiant as UNC1549. In February, Mandiant released a report that linked this actor to Iran’s Revolutionary Guard Corps, a branch of the country’s armed forces.
Newsweek has contacted the Iranian foreign ministry for comment.
According to Mandiant’s February report, which detailed the group’s “tailored job-themed lures,” the intelligence collected from those in the aerospace and defense industries is “of relevance to strategic Iranian interests and may be leveraged for espionage as well as kinetic operations.”
The tactic itself, however, is not new and has previously been employed by hackers from North Korea, who the FBI in September warned had been using fake offers of employment to target cryptocurrency exchange-traded funds over several months.
“For companies active in or associated with the cryptocurrency sector, the FBI emphasizes North Korea employs sophisticated tactics to steal cryptocurrency funds and is a persistent threat to organizations with access to large quantities of cryptocurrency-related assets or products,” the Bureau said at the time.
Malware files used in the Iranian attack were occasionally identified by antivirus engines as originating from Kimsuky and Lazarus, threat actors that have previously been linked to the North Korean government, ClearSky said.
Given this, ClearSky said the Iranian group may have “deliberately mimic[ked] the tactics and tools” of the North Korean actors in order to disguise their campaign and “deflect blame.”
However, it also said that the similarities between the two campaigns could imply that “North Korea shared with Iran their attack methods and tools.”
Cyber threats posed by both Tehran and Pyongyang have increasingly been on the radar of the U.S. intelligence community, with particular attention paid to those attacks seemingly intended to disrupt the 2024 presidential election.
In September, the Justice Department unsealed indictment charges against three Iranian nationals and Revolutionary Guard Corps employees for attempting to “hack into accounts of current and former U.S. officials, members of the media, nongovernmental organizations, and individuals associated with U.S. political campaigns.”
The attackers reportedly stole information from the Trump campaign in May and leaked this to Biden campaign officials as well as major media outlets.
“The conduct laid out in the indictment is just the latest example of Iran’s brazen behavior,” FBI director Christopher Wray said at the time. “So today the FBI would like to send a message to the Government of Iran—you and your hackers can’t hide behind your keyboards.”
The overall approach of the U.S. toward cybersecurity and the way it counters such threats posed by Iran and North Korea, as well as Russia and China, may change dramatically following the inauguration of President-elect Trump.
Joseph Jarnecki, a research fellow in cyber threats and cybersecurity at the Royal United Services Institute, spoke to Newsweek about the impacts of a second Trump term on America’s cyber strategy.
“A second Trump administration will change how the U.S. engages on cybersecurity internationally,” he said, adding that the Biden administration had “prioritized coalition-building activities” such as appointing Nathaniel Fick as the inaugural ambassador at large for cyberspace and digital policy, as well as creating such groups as the Counter Ransomware Initiative.
“With political appointments transferring from Democrat to Republican, it is likely that many of these initiatives will be abandoned.”
Newsweek has contacted the Trump campaign for a response.
Jarnecki also commented on what he believes Trump’s cybersecurity priorities may be and how these may differ from the outgoing administration.
Jarnecki said Trump had been “emphatic in describing the threat from Iran” and early indications point to him staffing the cabinet with “incredibly pro-Israel officials.”
“It is reasonable to expect that his administration will pursue a more firm approach towards Iran, which may include leveraging cyber operations,” he said.
Regarding China, Jarnecki said there would likely be less of a strategy shift.
“The U.S. security establishment is already spending massive resources on tackling perceived threats from China,” he told Newsweek.
“It is unlikely Trump’s administration will need to shift priorities, but it may encourage more direct operations leveraging cyber operations.”
Update 11/13/24 9:42 p.m. ET: This article was updated to include comments from Joseph Jarnecki, research fellow at the Royal United Services Institute.