Threats Feed | Charming Kitten | Last Updated: 24/01/2025 | Author: Certfa Radar | Publish Date: 03/07/2018

Iranian APT Charming Kitten Mimics ClearSky in Phishing Scheme

  • Actor Motivations: Exfiltration
  • Attack Vectors: Phishing
  • Attack Complexity: Low
  • Threat Risk: Low Impact/High Probability

Threat Overview

The Iranian APT group Charming Kitten impersonated Israeli cybersecurity firm ClearSky by creating a phishing website that mimicked the legitimate Clearskysec.com domain. The fake site, hosted on an older compromised server, replicated ClearSky's public web pages and included phishing login options to harvest credentials. ClearSky identified the incomplete site, which was taken down before it could affect any victims. Charming Kitten has previously targeted academic researchers, human rights activists, media outlets and political consultants in Iran, the US, UK and Israel. The group is known for spear-phishing, impersonating organisations, and deploying malware such as DownPaper, and this campaign underscores the ongoing threat to security researchers and geopolitical targets.

Detected Targets

Type | Description | Confidence
Case | ClearSky: Cyber security and threat intelligence company. ClearSky has been targeted by Charming Kitten for abusive purposes. | Verified
Sector | Information Technology | Unknown
Region | Israel | Unknown
Region | United States | Unknown

Extracted IOCs

  • clearskysecurity[.]net

Tip: 1 related IOC (0 IP, 1 domain, 0 URL, 0 email, 0 file hash) has been found for this threat.