charming kitten (5)

13326327653?profile=RESIZE_400xThreat intelligence experts at ClearSky Cyber Security have reported the details of an Iranian social engineering campaign using fake LinkedIn identities to trick people into downloading malware with fake job offers. ClearSky has identified a campaign named “Iranian Dream Job,” in which the Iranian threat actor TA455 has targeted the aerospace industry by offering fake jobs.

See: https://redskyalliance.org/xindustry/iran-targeting-aerospace-through-fake-jobs

The campaign distributed the so-calle

12364136897?profile=RESIZE_400xHigh-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the UK, and the US have been targeted by an Iranian cyber espionage group called Mint Sandstorm since November 2023.  The threat actor "used bespoke phishing lures in an attempt to socially engineer targets into downloading malicious files," the Microsoft Threat Intelligence team reported in a recent analysis, describing it as a "technically and operationally ma

12132149263?profile=RESIZE_400xIn mid-May 2023, TA453 - also known publicly as Charming Kitten, APT42, Mint Sandstorm, Yellow Garuda - sent a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs.  The email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review.  The initial email also mentione

11038585896?profile=RESIZE_400xThe nasty Iranian nation-state APT group known as Charming Kitten is actively targeting multiple victims in the US, Europe, the Middle East, and India with a new malware named BellaCiao, adding to its ever-expanding list of custom tools.  Discovered by Bitdefender Labs, BellaCiao is a "Personalized dropper" that is capable of delivering other malware payloads onto a victim machine based on commands received from an actor-controlled server.  The attackers appear to customize their attacks for eac

3978010892?profile=RESIZE_710xPhishing attacks are the most common method of attacking any organization.  These types of attacks have been observed in all industries and government entities.  The latest infiltration campaign used by Iranian state sponsored hackers has been named, “The Return of the Charming Kitten.”  In this particular effort, hackers have targeted individuals in organizations that have been involved in economic and military sanctions against the Islamic Republic of Iran.  These targets include politicians,