At a glance.
- Charming Kitten and group-think in social engineering.
- The return of the (ShadowPad) alumni.
- Phishing from the Static Expressway.
- The state of cloud security.
- FBI warns of threats to medical devices.
- Overconfidence comes at a cost.
- Reviewing the cyber phase of a hybrid war.
Charming Kitten and group-think in social engineering.
Proofpoint researchers today described a phishing campaign operated by the Iranian threat group TA453 (also known as Charming Kitten, PHOSPHORUS, or APT42). Associated with Iran’s Islamic Revolutionary Guard Corps, the threat group is using a range of impersonated personae, including the policy think-tanks Chatham House, the Pew Research Center, and the Foreign Policy Research Institute, as well as the scientific journal Nature, to lend credibility to its phishing attacks. It's not simple spoofing, however: TA453 includes more than one persona in the phishing email thread. Proofpoint calls it "Multi-Persona Impersonation," and the use of more than one seemingly plausible persona may lend credibility to the approach.
The approach can be expensive for the attacker in terms of resources expended (they have to burn spoofed accounts more rapidly), but they apparently judge it worthwhile. The targets of the campaign have been persons and organizations involved with nuclear security, especially in the Middle East.