APT Charming Kitten Pounces on Medical Researchers

Security researchers have linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten.

The campaign—dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel–aimed to steal credentials of professionals specializing in genetic, neurology and oncology research, according to new research posted online Wednesday from Proofpoint’s Joshua Miller and the Proofpoint Research Team.

This type of targeting represents a departure for Charming Kitten, (also known as Phosphorus, Ajax or TA453), which—due to its believed alignment with Iran’s Islamic Revolutionary Guard Corps (IRGC)–in the past has primarily put dissidents, academics, diplomats and journalists in its crosshairs, researchers said in the report.

Read more…
Source: ThreatPost