APT Charming Kitten Pounces on Medical Researchers

2021-03-31 12:48

Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten.

The campaign-dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel-aimed to steal credentials of professionals specializing in genetic, neurology and oncology research, according to new research posted online Wednesday from Proofpoint's Joshua Miller and the Proofpoint Research Team.

This type of targeting represents a departure for Charming Kitten,, which-due to its believed alignment with Iran's Islamic Revolutionary Guard Corps-in the past has primarily put dissidents, academics, diplomats and journalists in its crosshairs, researchers said in the report.

The medical professionals targeted in the latest campaign "Appear to be extremely senior personnel" at their respective organizations, researchers noted.

In addition to the tactics used in the campaign, researchers said there is other evidence that Charming Kitten is behind the attacks.

The Proofpoint team identified other domains than the one used directly in the attack that they can attribute to the group "With high confidence based on network infrastructure components, campaign timing, and similarity in lure documents," researchers wrote in the report.

News URL

https://threatpost.com/charming-kitten-pounces-on-researchers/165129/

#APT #researcher