Security News > 2020 > August > Charming Kitten Returns with WhatsApp, LinkedIn Effort
The Iran-affiliated APT known as Charming Kitten is back with a new approach, impersonating Persian-speaking journalists via WhatsApp and LinkedIn, in order to con victims into opening malicious links.
To lend verisimilitude to their impersonations, the cybercriminals also set up fake LinkedIn profiles corresponding to the journalists' names, and have been sending out LinkedIn messages to corner victims as well.
"Each victim receives a personalized link, tailored to their specific email account. We identified an attempt to send a malicious ZIP file to the victim as well, additional to a message that was sent to the victim via a fake LinkedIn profile."
"However, in this campaign Charming Kitten has used a reliable, well-developed LinkedIn account to support their email spear-phishing attacks[we also] observed a willingness of the attackers to speak on the phone directly with the victim, using WhatsApp calls, and a legitimate German phone number. This is uncommon and jeopardizes the fake identity of the attackers."
"The messages were sent from a German number to create a sense of credibility, and the WhatsApp account bears the image of the journalist being impersonated." If the victim is not willing to share a personal phone number, the attackers will send the person a message from the fake LinkedIn accounts.
News URL
https://threatpost.com/charming-kitten-whatsapp-linkedin-effort/158813/