Charming Kitten Returns with WhatsApp, LinkedIn Effort
#1
Information 
Quote:The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links. The targets are Israeli scholars from Haifa and Tel Aviv universities, and U.S. government employees, researchers said.
 
According to an analysis from Clearsky, the latest gambit was first spotted in July. The attackers have been pretending to be known writers for the Deutsche Welle and/or Jewish Journal outlets, and approach targets via email, and WhatsApp messages and calls. To lend verisimilitude to their impersonations, the cybercriminals also set up fake LinkedIn profiles corresponding to the journalists’ names, and have been sending out LinkedIn messages to corner victims as well. The end game is to convince a target to click on a malicious link, which takes users to a phishing page to steal credentials.
 
“The malicious link is embedded in a legitimate, compromised Deutsche Welle domain, with waterhole methods,” according to a writeup from Clearsky, issued last week. “Each victim receives a personalized link, tailored to their specific email account. We identified an attempt to send a malicious ZIP file to the victim as well, additional to a message that was sent to the victim via a fake LinkedIn profile.”
 
This approach is a marked departure from Charming Kitten’s usual M.O., which tends to rely on emails and SMS.
 
“These two platforms enable the attacker to reach the victim easily, spending minimum time in creating the fictitious social-media profile,” according to Clearsky. “However, in this campaign Charming Kitten has used a reliable, well-developed LinkedIn account to support their email spear-phishing attacks…[we also] observed a willingness of the attackers to speak on the phone directly with the victim, using WhatsApp calls, and a legitimate German phone number. This [tactic, technique and procedure] (TTP) is uncommon and jeopardizes the fake identity of the attackers.”

Read more: https://threatpost.com/charming-kitten-w...rt/158813/
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Microsoft warns: Office 2016 and 2019 re...
Microsoft Office 2...harlan4096 — 06:55
Google rolling out auto-restart securit...
Google rolls out aut...harlan4096 — 06:51
K-Lite Codec Pack 18.8.5 / 18.8.9 Update
Changes in 18.8.9 ...harlan4096 — 07:13
Ubuntu 24.04.2 LTS / 25.04
Ubuntu 24.04.2 LTS...harlan4096 — 07:12
Microsoft Edge 135.0.3179.85
Version 135.0.3179...harlan4096 — 07:10

[-]
Birthdays
Today's Birthdays
avatar (37)RobertUtelt
Upcoming Birthdays
avatar (44)wapedDow
avatar (43)techlignub
avatar (42)Stevenmam
avatar (49)onlinbah
avatar (50)steakelask
avatar (44)Termoplenka
avatar (42)bycoPaist
avatar (48)pieloKat
avatar (42)ilyagNeexy
avatar (50)donitascene
avatar (50)Toligo

[-]
Online Staff
There are no staff members currently online.

>