The Iran-linked state-sponsored threat group known as Charming Kitten was observed targeting potential attendees of two major international conferences, Microsoft reports.
Also referred to as Phosphorous, APT35, Ajax Security Team, ITG18, NewsBeef, and NewsCaster, the threat actor is believed to have been active since at least 2011, targeting entities in the Middle East, the United States, and the United Kingdom.
Recently observed attacks, Microsoft says, targeted over 100 high-profile individuals, potential attendees of two upcoming global policy conferences, namely the Munich Security Conference and the Think 20 (T20) Summit, which is held in Saudi Arabia.
“Based on current analysis, we do not believe this activity is tied to the U.S. elections in any way,” Microsoft reveals.
As part of the assaults, the hackers would masquerade as conference organizers, sending spoofed email invitations to individuals potentially interested in attending. Written in near-perfect English, the emails were sent to academics, former government officials, policy experts, and leaders of non-governmental organizations.
Charming Kitten, the tech company explains, offered remote sessions to potential victims, thus lowering fears associated with travel during the coronavirus pandemic.
The attacks are believed to have been orchestrated for intelligence gathering, with several victims successfully compromised. These include former ambassadors and other senior policy experts.
“We’ve already worked with conference organizers who have warned and will continue to warn their attendees, and we’re disclosing what we’ve seen so that everyone can remain vigilant to this approach being used in connection with other conferences or events,” Microsoft explains.
To stay protected from similar attacks, users are advised to evaluate the authenticity of received messages, use multi-factor authentication, review email-forwarding rules, and enroll in advanced protection programs, where possible.
Microsoft, which has published indicators of compromise (IoC) related to the attacks, underlines that nation-state hackers routinely pursue governmental and non-governmental entities, think tanks, and policy organizations.
“We will continue to use a combination of technology, operations, legal action and policy to disrupt and deter malicious activity, but nothing replaces vigilance from people who are likely targets of these operations,” the company concludes.
Related: Iranian Hackers Target Academic Researcher via WhatsApp, LinkedIn
Related: Google Says Iran-Linked Hackers Targeted WHO
Related: Iran-Linked Hackers Accidentally Exposed 40 GB of Their Files