Iranian Charming Kitten behind new phishing campaign Operation Spoofed scholar

Iranian’s Charming Kitten having number of names including TA453, APT35, Ajax Security Team, NewsBeef, Newscaster and Phosphorus. It’s an ever-evolving APT, and is one of its more sophisticated campaigns.

Proofpoint researchers named the campaign Operation SpoofedScholars and have linked it to the Iranian government; with the intention of what researchers believe is cyber espionage. This campaign includes masquerading as British scholars; engaging in dialogue with targets; and linking to the website of a legitimate, world-class, already compromised academic institution in order to harvest credentials.

It was also true to say that Charming Kitten is after people who have “information of interest to the Iranian government, including, but not limited to, information about foreign policy, insights into Iranian dissident movements, and understanding of U.S. nuclear negotiations.”

Iranian itself had an ability to track down its dissidents while other Middle Eastern states like UAE, Saudi, Qatar take help from foreign private firms like NSO Group to track their dissidents. For instance, Israeli software firm NSO Group helps Saudi Arabia to spy on Jamal Kashoggi which even led to his murder.

Another Israeli firm Candiru also known as Saito Tech (previously Taveta Ltd) founded by Isaac Zack, is another supplier of cyber-intrusion tools that has become closer to Qatar by receiving investment from Qatar Investment Fund.

If we look at the region, Iran and Israel have emerged as the two super powers in the field of cyber warfare while other countries like UAE, Saudi, Qatar are still not able to meet national protection and defense of the country on their own. But largely it’s the technology of Israel that has found its way to be circulated amongst the countries looking for cyber operations outsourcing, making it the key cyber player in the region.