‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars
#1
Information 
Quote:An Iran-linked advanced persistent threat (APT) group has taken a scholarly bent with its latest phishing campaign, which involves lengthy chats with professors, think tank higher-ups and journalists focused on Middle Eastern affairs.
 
The threat actor is Charming Kitten – aka a number of names, including TA453, APT35, Ajax Security Team, NewsBeef, Newscaster and Phosphorus. It’s an ever-evolving APT, and this is one of its more sophisticated campaigns, according to what Proofpoint researchers reported on Tuesday.
 
Not that the aims of this APT actor have been modest in the past. For example, in March, Charming Kitten launched a credential-stealing campaign that targeted genetic, neurology and oncology professionals.
 
Charming Kitten has also been tied to attacks on President Trump’s 2020 re-election campaign. In October 2019, researchers reported that the actor had added new spearphishing techniques to its arsenal in what appeared to be a ramp-up of operations. Security researchers who tracked the earlier phase of the campaign in October 2018 saw attacks tailored to elude two-factor authentication in order to compromise email accounts and to monitor communications.

The current campaign includes masquerading as British scholars; engaging in dialogue with targets; and linking to the website of a legitimate, world-class, already compromised academic institution in order to harvest credentials.
 
Proofpoint has named the campaign Operation SpoofedScholars and has linked it to the Iranian government, with the intention of what researchers believe is cyberespionage. This is “an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps (IRGC) intelligence collection efforts,” according to the report.
 
This is a limited, “highly selective” campaign that, according to Proofpoint telemetry, is targeting fewer than 10 organizations. Charming Kitten is after people who have “information of interest to the Iranian government, including, but not limited to, information about foreign policy, insights into Iranian dissident movements, and understanding of U.S. nuclear negotiations,” according to the report.
 
This is a wash, rinse and repeat situation: The threat actor has previously targeted most of the targets identified by Proofpoint, they said.

Read more: 'Charming Kitten' APT Siphons Intel From Mid-East Scholars | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Messages In This Thread
‘Charming Kitten’ APT Siphons Intel From Mid-East Scholars - by silversurfer - 14 July 21, 11:45

Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>