Iranian threat group Charming Kitten set their sights on healthcare professionals in the United States and Israel during the month of December. The targeted people specifically work in the oncology and neurology fields and the threat group’s intention was to steal login credentials. Reports claim potential victims received phishing emails that included links to fake Microsoft login pages. Researchers at Proofpoint stated “the effort was likely part of an intelligence gathering operation as well as the result of ongoing tensions between Iran and Israel.” This type of target is different compared to what Charming Kitten has gone after in the past. Moving forward it will be interesting to see if this becomes somewhat of a trend or if the group’s target list varies.
Analyst Notes
It is very important to be able to spot phishing emails as they become more and more common. Some tell-tale signs a message may not be what it appears include, a lot of misspellings, an urgent message and a link or attachment. If a user does receive a phishing email, it’s advised that they do not click on any links or attachments. If users do happen to click on links or attachments, it’s imperative they do not provide any personal details. Phishing emails should be reported the security team so that if other employees are also targeted, they can also be protected as a result of one employee’s report.
Source: https://thehill.com/policy/cybersecurity/545654-iranian-hackers-targeting-us-israeli-medical-researchers-analysis?rl=1&web_view=true
