Who Is Charming Kitten
Charming Kitten is a hacking group supported by the Iranian government. It has been active for over a decade and goes by other names like APT42, Educated Manticore, and Mint Sandstorm. This group is linked to Iran’s Islamic Revolutionary Guard Corps, a powerful military unit that answers directly to the country’s top leaders. One of its main tasks is to use cyberattacks to gather intelligence from individuals and organizations both inside and outside Iran.
Charming Kitten has a long history of spying on important people in other countries. These include politicians, military officials, journalists, and researchers. In its latest activity, the group has turned its focus to Israel, specifically targeting experts in cybersecurity and computer science. These are people who usually protect others from cyber threats, but now they’re the ones under attack.
How the Attack Happens
The method used in this spying campaign is called spear-phishing. It’s a type of cyberattack where hackers send fake messages to selected individuals. These messages are not random — they are personalized to look convincing. The goal is to trick the person into giving away private information like passwords or login details.
Charming Kitten starts by collecting personal information about each target. They gather names, job titles, phone numbers, and the companies the targets work for. Once they know enough, they send messages pretending to be someone trustworthy — often a journalist or a cybersecurity expert.
Instead of using regular email, they often send these fake messages over WhatsApp. This makes it feel more like a personal conversation and helps the message avoid being flagged as suspicious. The messages are well-written in English and often include a request to meet or discuss some kind of collaboration.
The hackers avoid detection early by not including any links or files in their first messages. This reduces the chances of spam filters blocking the message or the target ignoring it. If the target responds, the hacker builds a sense of trust over time. They may even suggest meeting face-to-face, adding another layer of realism.
When the target seems comfortable, the hacker asks for their email address and then sends a phishing link. This link leads to a fake website that looks like a real Google login page. In some cases, it even looks like a Google Meet invitation. If the victim types in their password, the hacker can then access their email and possibly other accounts. These attacks move fast, usually within one or two days, and the hackers quickly shift to the next target.
Who Is Being Targeted
The people at the center of this attack are Israeli cybersecurity and computer science experts. Many of them work in tech companies or academic institutions. Some may be linked to Israel’s national cyber efforts. This makes them valuable targets for a group like Charming Kitten.
There is some belief that these attacks could be a form of revenge. It’s possible that Israel damaged cyber tools or infrastructure in Iran, and this may be Iran’s response. Instead of using physical force, they are using cyber tactics to strike back.
The group is also believed to be targeting journalists. These are high-profile individuals whose names are often known publicly. By targeting them, the hackers might be trying to prove their power or gain attention.
Cybersecurity researchers have found over 100 fake websites and domains linked to this operation. Many of these sites were likely set up for just one target each. This shows how detailed and personal the campaign is. It also suggests that the true number of targets may be much higher and not limited to Israel.
Charming Kitten’s latest campaign stands out because of how carefully it was put together. The messages are realistic, the communication is fast and friendly, and the hackers don’t push too hard at the beginning. They patiently build trust before making their move. This shows the lengths that state-sponsored hackers will go to in order to reach their goals — even attacking those who are trained to stop them.