Security News > 2020 > August > Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn
The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim.
"Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.
As part of the campaign, the attackers used a well-developed LinkedIn account in support of their email spear-phishing attacks, and showed willingness to speak to the victim on the phone, over WhatsApp, using a legitimate German phone number.
The Charming Kitten attackers messaged the victim repeatedly for ten days, claiming they were interested in engaging in a direct phone call, and attempted to lure the victim into "Activating their account" on the site "Akademie DW". "If the victim is not willing to share their personal phone number, the attacker will send him a message from the fake LinkedIn account. This message will contain a promise that the webinar is secured by Google, as they sent to the victim on the tenth day," Clearsky says.
In another attack, the hackers created a fake LinkedIn account for 'Helen Cooper', a senior researcher at Hudson Institute and sent email messages that contained either a malicious link or a malicious attachment.
News URL
Related news
- Iranian hackers charged for ‘hack-and-leak’ plot to influence election (source)
- Iranian hackers now exploit Windows flaw to elevate privileges (source)
- Iranian hackers act as brokers selling critical infrastructure access (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)