IRAN: The Iranian-backed threat group known as APT35 or Charming Kitten has recently used phishing emails in which the sender poses as a journalist to trick victims. The campaign targets political figures and human rights activists, attempting to lure them into entering their passwords on fake login pages, according to researchers at Certfa. The lure begins with an email asking for an interview; it includes shortened links that collect information about the victim’s browser and IP address before redirecting to the news story on a real news website. After the initial email exchange, the threat group sends a link to a file containing interview questions, hosted on Google Sites to make the link appear safe. The Google Sites page redirects the victim to a fake login page hosted on the domain two-step-checkup[.]site. If the victim enters their login information on this page, the attacker steals their username, password, and two-factor authentication code. This enables the attacker to access the victim’s account and steal sensitive information.
With all the news around COVID-19/Coronavirus, the average person is turning to the internet for