Security experts at
ClearSky researchers pointed out that these attacks represent a shift in the group tactics because this is the first time that the Charming Kitten group attempted to interfere in the elections of a foreign country.
The experts said, with medium-high confidence, that the campaign uncovered by Microsoft is the same campaign they observed over the past several months.
“We evaluate in a medium-high level of confidence, that Microsoft’s discovery and our findings in our previous and existing reports is a congruent operation” reads the report published by ClearSky, “based on the following issues:
Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media.
Microsoft has been tracking the threat actors at least since 2013, but experts believe that the cyberespionage group has been active since at least 2011.
As part of the recently observed campaign, the state-sponsored hackers used three different spear-phishing methods:
Experts have identified more than eight new and unknown domains, all of which bear the ‘
Other technical information, along with indicators of compromise (IoCs) are included in the report.
(SecurityAffairs – Charming Kitten, Iran)