Iranian APT Group Linked to Spear Phishing Campaign Targeting Senior Staffers at Medical Research Firms
The Advanced Persistent Threat (APT) group Charming Kitten has been linked to a spear phishing campaign conducted in late 2020 targeting senior professionals at medical research organizations in the United States and Israel by security firm Proofpoint.
Charming Kitting, aka Phosphorus, Ajax, and TA453, is an APT group with links to the Islamic Revolutionary Guard Corps (IRCG) in Iran. Charming Kitting has been active since at least 2014 and is primarily involved in espionage campaigns involving spear phishing attacks and custom malware. The attacks previously linked to the APT group have been on dissidents, academics, and journalists, so the latest spear phishing campaign targeting medical research organizations is a departure from the group’s usual targets.
The phishing campaign, dubbed BadBlood, attempted to steal Microsoft Office credentials and coincided with growing tensions between Iran, the United States, and Israel. It is unclear at this stage whether the targeting of very senior professionals in medical research firms is part of a wider campaign or was simply an outlier event. The researchers suspect the latter to be the case and the groups was attempting to obtain specific types of intelligence.
The campaign was...