A SOPHISTICATED email phishing attack has been spotted by researchers and it’s said to come from a threat actor known as Charming Kitten.
Experts say Charming Kitten is based in Iran and aims to distribute a new version of a type of malware called POWERSTAR.
1
Cyber specialists at Volexity explained the phishing attack on their blog.
They said: “Spear-phishing campaigns now often involve individual, tailored messages that engage in dialogue with each target, sometimes over a period of several days, before a malicious link or file attachment is ever sent.”
And, added: “One threat actor Volexity frequently sees employing these techniques is Charming Kitten, who is believed to be operating out of Iran.
“Charming Kitten appears to be primarily concerned with collecting intelligence by compromising account credentials and, subsequently, the email of individuals they successfully spear phish.
“The group will often extract any other credentials or access they can, and then attempt to pivot to other systems, such as those accessible via corporate virtual private networks (VPNs) or other remote access services.”
Volexity experts found a situation in which the threat actor was pretending to be a reporter in order to gain the trust of an individual they wanted to steal from.
The target was someone who had just published an article about Iran.
Charming Kitten then spoofed an email address in order to send malware to the inbox of the victim.
Most read in News Tech
The Volexity researchers explained: “Prior to sending malware to the target, the attacker simply asked if the target would be open to reviewing a document they had written related to US foreign policy.
“The target agreed to do so, since this was not an unusual request; they are frequently asked by journalists to review opinion pieces relating to their field of work.”
This technique is commonly used by cybercriminals to convince victims to download malware.
Even if you receive an email from someone you trust, it’s still worth exercising caution before you click on any links or download any documents.
Malware can ruin your device and also steal important data.
If you receive a suspicious email at work it’s always worth reporting it.
