CHARMING KITTEN
Oct. 4, 2024, 12:41 p.m.
Description
Since June 2024, the Iran-nexus actor CHARMING KITTEN has been creating new network infrastructure for credential phishing, targeting individuals perceived as threats to the Iranian regime. The actor's infrastructure, known as Cluster B, uses domains with specific characteristics like similar TLDs, hyphenated naming conventions, and shared IP addresses. While specific targets for the new domains are unknown, previous targets included researchers, journalists, NGO leaders, and human rights activists. The phishing pages often mimic login interfaces for popular services like Google and YouTube, distributed through spear-phishing emails disguised as conference invitations or links to legitimate documents.
Date
Published: Oct. 4, 2024, 10:16 a.m.
Created: Oct. 4, 2024, 10:16 a.m.
Modified: Oct. 4, 2024, 12:41 p.m.
Indicators
Attack Patterns
CHARMING KITTEN
T1585
T1589
T1586
T1566.002
T1584
T1566
Additional Information
Media
Education
NGO
Government
Iran, Islamic Republic of
Israel
United States of America