Today > | 1 Medium vulnerabilities   -   You can now download lists of IOCs here!

CHARMING KITTEN

Oct. 4, 2024, 12:41 p.m.

Description

Since June 2024, the Iran-nexus actor CHARMING KITTEN has been creating new network infrastructure for credential phishing, targeting individuals perceived as threats to the Iranian regime. The actor's infrastructure, known as Cluster B, uses domains with specific characteristics like similar TLDs, hyphenated naming conventions, and shared IP addresses. While specific targets for the new domains are unknown, previous targets included researchers, journalists, NGO leaders, and human rights activists. The phishing pages often mimic login interfaces for popular services like Google and YouTube, distributed through spear-phishing emails disguised as conference invitations or links to legitimate documents.

Date

Published: Oct. 4, 2024, 10:16 a.m.

Created: Oct. 4, 2024, 10:16 a.m.

Modified: Oct. 4, 2024, 12:41 p.m.

Indicators

software-selection-features.buzz

request-human-received.xyz

paper-blue-hero.top

nail-forward-valid.lol

interconnected-equipment-buildings.buzz

house-server-digital.xyz

growing-prices-advanced.top

flow-exulltation-uplift.top

competitive-searchvolume-considered.top

click-manage-room.cfd

app-engage-station.help

Attack Patterns

CHARMING KITTEN

T1585

T1589

T1586

T1566.002

T1584

T1566

Additional Informations

Media

Education

NGO

Government

Iran, Islamic Republic of

Israel

United States of America