"APT Charming Kitten Pounces on Medical Researchers"

Security researchers at Proofpoint have recently linked a late-2020 phishing campaign aimed at stealing credentials from 25 senior professionals at medical research organizations in the United States and Israel to an advanced persistent threat group with links to Iran called Charming Kitten.  The phishing campaign has been dubbed BadBlood because of its medical focus and the history of tensions between Iran and Israel.  The phishing campaign aimed to steal the credentials of professionals specializing in genetic, neurology, and oncology research.  Charming Kitten, believed to be an Iranian state-sponsored APT, has been operating since around 2014 and has built a “vast espionage apparatus” comprised of at least 85 IP addresses, 240 malicious domains, hundreds of hosts, and multiple fake entities. Spearphishing and custom malware are among an array of tactics the group uses against victims.

Threatpost reports: "APT Charming Kitten Pounces on Medical Researchers"