Security News > 2020 > August > Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn
The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim.
"Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.
As part of the campaign, the attackers used a well-developed LinkedIn account in support of their email spear-phishing attacks, and showed willingness to speak to the victim on the phone, over WhatsApp, using a legitimate German phone number.
The Charming Kitten attackers messaged the victim repeatedly for ten days, claiming they were interested in engaging in a direct phone call, and attempted to lure the victim into "Activating their account" on the site "Akademie DW". "If the victim is not willing to share their personal phone number, the attacker will send him a message from the fake LinkedIn account. This message will contain a promise that the webinar is secured by Google, as they sent to the victim on the tenth day," Clearsky says.
In another attack, the hackers created a fake LinkedIn account for 'Helen Cooper', a senior researcher at Hudson Institute and sent email messages that contained either a malicious link or a malicious attachment.
News URL
Related news
- Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- Researchers Uncover Windows Flaws Granting Hackers Rootkit-Like Powers (source)
- Iranian hackers pose as journalists to push backdoor malware (source)