• About
  • Advertise
  • Careers
  • Contact
Saturday, March 25, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

Iran-linked APT group Charming Kitten targets journalists, political and human rights activists

by Cyber360 News
February 7, 2020
in Security
0
Iran-linked APT group Charming Kitten targets journalists, political and human rights activists
0
SHARES
1
VIEWS
Share on FacebookShare on Twitter

Iran-linked APT group Charming Kitten has been targeting journalists, political and human rights activists in a new campaign.

Researchers from Certfa Lab reports have spotted a new cyber espionage campaign carried out by Iran-linked APT group Charming Kitten that has been targeting journalists, political and human rights activists.

Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.

Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011 targeting journalists and activists in the Middle East, as well as organizations in the United States, and entities in the U.K., Israel, Iraq, and Saudi Arabia.

The campaign uncovered by Certfa Lab is related to previously observed targeted attacks against a U.S. candidate, government officials, and expatriate Iranians.

“Certfa Lab has identified a new series of phishing attacks from the Charming Kitten1, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. According to our investigation, these new attacks have targeted journalists, political and human rights activists.” reads the post published by Certfa Lab. “These phishing attacks are in line with the previous activities of the group that companies like ClearSky2 and Microsoft3 have reported in detail in September and October 2019.”

The Iranian hackers are still focusing to target private and government institutions, think tanks and academic institutions, organizations with ties to the Baha’i community, and many others in European countries, the United States, United Kingdom, and Saudi Arabia.

The attackers created a fake account impersonating New York Times journalist Farnaz Fassihi (former Wall Street Journal (WSJ) journalist) to send fake interview proposals or invitations to a webinar to the target individuals and trick them into accessing phishing websites. 

The spear-phishing messages use links in the footnotes, including social media links, WSJ and Dow Jones websites, that are all in the short URL format. When the victims click on them, they are redirected to legitimate addresses while getting basic information about the victim’s device (i.e. IP address, Operating System, and browser) that could be used to prepare the attack against the victim’s devices.

Then, the attackers send a link to a page containing interview questions that is hosted on Google Sites, a common trick to evade detection.

Once the victims clicked the download button on the Google Site page, they will be redirected to another fake page in two-step-checkup[.]site domain where login credential details of his/her email such as the password and two factor authentication (2FA) code are requested.

Charming Kitten phishing 2.png

Attackers employed a backdoor named “pdfreader.exe,” it was first uploaded to VirusTotal by an anonymous user on 3 October 2019. The malware gathers victim device data and achieves persistence through modified Windows Firewall and Registry settings. Experts pointed out that the malware is linked to operators behind past Charming Kitten campaigns. 

“The similarities between the method of managing and sending HTTP requests in “two-step-checkup[.]site” server with the latest techniques used by this group is further evidence of Charming Kitten’s connection to these attacks.” continues the report.”In this technique, if sent requests to the host server of the phishing kit are denied, the user is directed to a legitimate website like Google, Yahoo!, or Outlook by “301 Moved Permanently” and “Found redirect 302” responses. As a result, this method makes it harder for different pages and sections of phishing websites to be exposed to the public.”

The recently discovered phishing attacks by the Charming Kitten are in line with previous activities conducted by the group. Certfa speculates that the APT group is working on the development of a series of malware for their future phishing attack campaign.

“The Charming Kitten used Google Sites for their phishing attack, and Certfa believes that they work on the development of a series of malware for their future phishing attack campaign.” concludes the report.

Pierluigi Paganini

(SecurityAffairs – Charming Kitten, APT)



Share On


Cyber360 News

Cyber360 News

Next Post
WhatsApp Desktop Platform Security Flaw Allowed Access To Local File System

WhatsApp Desktop Platform Security Flaw Allowed Access To Local File System

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In