Over the past two weeks, the Charming Kitten group, operating under the supervision of the Islamic Revolutionary Guard Corps (IRGC), has initiated a new cyber campaign targeting Western and Middle Eastern NGOs, media outlets, and social activists. These attacks leverage specific phone numbers and phishing links.
The attack process starts with initial contact via a Yahoo email address (as seen in examples), followed by a phishing link sent through WhatsApp. To gain the victim's trust, the attackers may even make a silent voice call. The victim is then directed to a Google Sites page deceptively resembling an invitation to a fake Google Meet session.
On this page, a "Join" button leads the victim to the main phishing page through a shortened URL. The hackers utilize the EventListener function in the page's script to automatically capture and transfer all input data entered by the user to their servers.
If you encounter similar numbers or links, you might be the target of such cyber-attacks.
IoCs:
WhatsApp: +1-/254-365-9299
WhatsApp: +1-/254-363-9292
WhatsApp: +44-/7301-644303
atlanticcouncil[.]site