Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware (Security News, August 2020)
An Iranian cyberespionage group known for targeting government, defense technology, military, and diplomacy sectors is now impersonating journalists to approach targets via LinkedIn and WhatsApp and infect their devices with malware.
Detailing the new tactics of the "Charming Kitten" APT group, Israeli firm Clearsky said, "Starting July 2020, we have identified a new TTP of the group, impersonating 'Deutsche Welle' and the 'Jewish Journal' using emails alongside WhatsApp messages as their main platform to approach the target and convince them to open a malicious link."
The watering hole - in this case, a malicious link hosted on the compromised Deutsche Welle domain - delivered the info-stealer malware via WhatsApp, but only after the victims had first been approached with tried-and-tested social engineering methods intended to lure the academics into speaking at an online webinar.
"After a short conversation with the target, the Charming Kitten attacker requests to move the conversation to WhatsApp. If the target refuses to move to WhatsApp, the attacker will send a message via a fake LinkedIn profile."
In one scenario, the adversary even took the step of messaging and calling a victim to gain the target's trust and subsequently walk the person through the steps of connecting to the webinar using the malicious link earlier shared in the chat.
News URL: http://feedproxy.google.com/~r/TheHackersNews/~3/SlFF9FYAUqI/hackers-journalist-malware.html