Charming Kitten Nuclear Targeting Campaign
Iranian IRGC-linked Charming Kitten spearphishing and social engineering campaign targeting nuclear scientists, think tank researchers, journalists and former government officials in the US, Israel and Europe. The campaign uses elaborate fake personas for credential harvesting and malware delivery.
Start date
1 January 2023
End date
—
Techniques
17
Attributed actors
Techniques (17)
collection (2)
T1114.001 Local Email Collection
T1113 Screen Capture
command-and-control (2)
T1105 Ingress Tool Transfer
T1071.001 Web Protocols
credential-access (1)
T1539 Steal Web Session Cookie
discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery
execution (2)
T1059.003 Windows Command Shell
T1059.001 PowerShell
exfiltration (1)
T1041 Exfiltration Over C2 Channel
initial-access (3)
T1566.002 Spearphishing Link
T1078 Valid Accounts
T1566.001 Spearphishing Attachment
persistence (2)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
privilege-escalation (2)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
reconnaissance (1)
T1598.003 Spearphishing Link
stealth (3)
T1078 Valid Accounts
T1070.004 File Deletion
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.