VERY IMPORTANT

Throughout the past few months, Clearskysec identified several attacks orchestrated by Charming Kitten APT group, targeting the Baha’i community. We observed an elevation in the sophistication of social engineering methods employed by the group. In the context of this campaign the attackers impersonated an academic researcher and an officer from the US State Department. Feigning an on-going correspondence, the attackers addressed the target and sent him an acrobat pdf file presenting a letter signed by the US official, containing the phishing link. Once the target fills his credentials, the attackers check if the account can be accessed without 2FA. If unsuccessful, the target will be directed to another phishing page dedicated to steal two-factor identification. Once the attackers gained the email credentials, they immediately changed the email account’s passwords, resulting in the target losing access to their email.