Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



Microsoft Says Iranian Hackers Targeted Attendees of Major Global Policy Conferences

The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports.

The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports.

Also referred to as Phosphorous, APT35, Ajax Security Team, ITG18, NewsBeef, and NewsCaster, the threat actor is believed to have been active since at least 2011, targeting entities in the Middle East, the United States, and the United Kingdom.

Recently observed attacks, Microsoft says, targeted over 100 high-profile individuals, potential attendees of two upcoming global policy conferences, namely the Munich Security Conference and the Think 20 (T20) Summit, which is held in Saudi Arabia.

“Based on current analysis, we do not believe this activity is tied to the U.S. elections in any way,” Microsoft reveals.

As part of the assaults, the hackers would masquerade as conference organizers, sending spoofed email invitations to individuals potentially interested in attending. Written in near-perfect English, the emails were sent to academics, former government officials, policy experts, and leaders of non-governmental organizations.

Charming Kitten, the tech company explains, offered remote sessions to potential victims, thus lowering fears associated with travel during the coronavirus pandemic.

The attacks are believed to have been orchestrated for intelligence gathering, with several victims successfully compromised. These include former ambassadors and other senior policy experts.

Advertisement. Scroll to continue reading.

“We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events,” Microsoft explains.

To stay protected from similar attacks, users are advised to evaluate the authenticity of received messages, use multi-factor authentication, review email-forwarding rules, and enroll in advanced protection programs, where possible.

Microsoft, which has published indicators of compromise (IoC) related to the attacks, underlines that nation-state hackers routinely pursue governmental and non-governmental entities, think tanks, and policy organizations.

“We will continue to use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity, but nothing replaces vigilance from people who are likely targets of these operations,” the company concludes.

Related: Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn

Related: Google Says Iran-Linked Hackers Targeted WHO

Related: Iran-Linked Hackers Accidentally Exposed 40 GB of Their Files

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.