Charming Kitten group targets Middle East policy experts

February 29, 2024

Charming Kitten, the notorious hacking group from Iran, has again made headlines for its malicious cybercriminal campaigns.

Researchers stated that this group currently targets Middle East policy experts, using a fake webinar portal to deceive its victims into unintentionally deploying new malware strains. Based on reports, this campaign utilises new malware payloads, such as BASICSTAR and KORKULOADER.

Charming Kitten has used various malicious tools in its campaigns over the past months.

This latest incident highlights the Charming Kitten operators' continued effort to expand their arsenal of cyber threats. According to investigations, previous group activities deployed malware such as BellaCiao and the Sponsor backdoor, indicating a pattern of innovation and adaptability in their illegal activities.

The modus operandi of the recent attacks includes posing as representatives from the Rasanah International Institute for Iranian Studies. The actors used this strategy to build trust with their intended targets.

These attackers disseminated phishing emails inviting recipients to participate in a purported webinar, where clicking a link led to the download of BASICSTAR onto their systems. Additionally, the campaign offered alternative contact methods through WhatsApp and Signal phone numbers that the actors control, adding layers to their malicious tactics.

Furthermore, an intriguing aspect of Charming Kitten’s approach is its customisation of attacks based on the OS of the targeted machines. While Windows users fell victim to the POWERLESS backdoor, macOS users are susceptible to the NokNok malware via a malicious VPN application.

The capabilities of BASICSTAR are equally concerning, since it could allow its operators to gather vital system information, remotely execute commands, and download and display decoy PDF files.

It also has a new variant with Visual Basic Script code that includes an extensive module for collecting detailed information, including antivirus and software products, BIOS details, and hardware specifications.

These improvements should prompt potential targets to remain vigilant and informed about Charming Kitten’s evolving tactics.

Staying ahead of threat actors demands awareness and a proactive approach to cyber defence. Therefore, organisations can effectively mitigate the risks posed by such sophisticated adversaries through collaborative efforts and decisive action.
