A hacking group from Iran called Charming Kitten has been trying to spy on cybersecurity experts in Israel. This group is known by other names too, like APT35, APT42, and Phosphorus. Security researchers believe it is backed by the Iranian government, and it has been active for years targeting people and organizations around the world.
In this recent campaign, Charming Kitten is pretending to be employees of well-known cybersecurity companies or media outlets. They are sending messages to Israeli experts through email and WhatsApp. These messages are carefully written and often include the person’s name, job title, and workplace, making them seem very real.
The attackers start by acting friendly and professional. They may offer a job, ask for an interview, or suggest working together on a project. At first, nothing seems suspicious. But after a few messages, they send a link or a file that contains something dangerous.
If the target clicks the link, they are taken to a fake login page that looks like Google or Microsoft. If they enter their email and password, that information is sent to the hackers. In other cases, they’re sent files that install malware, which allows the attackers to spy on their device.
One reason this campaign is hard to detect is because it is not random. The hackers choose their targets carefully and learn about them before sending anything. In one case, the attacker even offered to meet in person before sending a link, just to build more trust.
Security researchers have found over 130 fake websites used by this group. These websites are designed to look exactly like real companies. Once one is blocked or flagged, the attackers move to a new one quickly. This makes it hard for cybersecurity teams to keep up.
Charming Kitten is linked to Iran’s Islamic Revolutionary Guard Corps and has been active for a long time. They often go after people who work in government, media, and tech. By targeting Israeli cyber experts, they are likely trying to learn how Israel protects itself online.
Some of the messages used in this attack seem to be written with the help of AI tools. They are well-written, with no spelling or grammar mistakes, and they sound very natural. In some messages, they even mention the conflict between Iran and Israel to make the message feel timely.
In response, many cybersecurity companies in Israel are telling their employees to be extra careful. People are being asked to double-check any unexpected message, especially if it has a link or attachment. Some companies are also blocking suspicious websites and updating their email filters.
This attack is a reminder that even experts can be tricked. When a message is written well and seems to come from a real person, it’s easy to let your guard down, especially when you’re busy or distracted.
Experts recommend verifying who is sending a message before clicking on anything. If something feels even a little off, it’s better to stop and check through a different method, like calling the company directly or visiting their real website.
The Charming Kitten group keeps improving its methods. This shows that cyberattacks are not just about computers, they also rely on tricking people. Staying alert, asking questions, and thinking twice before clicking are some of the best ways to stay safe.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
