Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation

May 7, 2025, 8:43 p.m.

Description

Iranian cyber actors have been identified impersonating a German model agency in a suspected espionage operation. The attackers created a fraudulent website that mimics the authentic agency's branding and content and triggers obfuscated JavaScript to capture detailed visitor information. This data collection enables selective targeting. The website also replaces a real model's profile with a fake one, likely for social engineering purposes. The operation's complexity and methods suggest the involvement of an Iranian threat group, possibly overlapping with Agent Serpens (APT35 or Charming Kitten). This group is known for targeting Iranian dissidents, journalists, and activists abroad. The fake website includes sophisticated data collection routines and dynamic profile alterations, indicating an ongoing and evolving threat.

Date

  • Created: May 7, 2025, 10:43 a.m.
  • Published: May 7, 2025, 10:43 a.m.
  • Modified: May 7, 2025, 8:43 p.m.

Indicators

  • 64.72.205.32
  • www.megamodelstudio.com
  • megamodelstudio.com

Attack Patterns

Additional Information

  • Media
  • Germany