Security researchers have identified a new series of phishing attacks, from Iranian state-linked hacking group, Charming Kitten, targeting journalists and political and human rights activists.
Discovered by London security vendor Certfa, the latest phishing campaign is designed to steal email account data, in addition to finding information about the victims contacts and networks.
One notable campaign involves Charming Kitten impersonating former Wall Street Journal senior writer, Farnaz Fassihi, and sending interview request emails to victims and guiding them to their phishing websites. Fassihi now works at the New York Times.
The phishing emails include social media links, Wall Street Journal and Dow Jones websites, all in a short URL format. Subsequently, recipients clicking on the links are directed to legitimate addresses whilst hackers are collecting information about the victim’s device such as IP address, the browser and the type of Operating System.
“After communication and relative trust are established through the initial email, hackers send their victim an exclusive link as a file that contains the interview questions. According to our samples, Charing Kitten has been using a page that is hosted on Google Sites,” wrote Certfa.
Certfa explained that this new tactic is being widely used by threat actors in phishing attacks in order to make the domain targets trust the destination domain.
Once clicking the download button, the victim is then sent to another fake page whereby phishing kits requests their login credentials for their emails.
Researchers also uncovered pdfreader.exe, a piece of malware with a backdoor feature which causes changes to the Windows’ Firewall and Registry settings. It allows for hackers to run new malware and spyware remotely on the victim’s target.
The post #Privacy: Charming Kitten launches new phishing campaign appeared first on PrivSec Report.