Threats Feed|Charming Kitten|Last Updated 24/01/2025|AuthorCertfa Radar|Publish Date15/10/2024

Charming Kitten Targets NGOs and Media with Phishing Attacks via WhatsApp

  • Actor Motivations: Espionage,Exfiltration
  • Attack Vectors: Spear Phishing
  • Attack Complexity: Low
  • Threat Risk: Low Impact/High Probability

Threat Overview

Charming Kitten has launched a new cyber campaign targeting NGOs and media organizations in Western and Middle Eastern countries. The campaign begins with initial contact via a Yahoo email, followed by a phishing link sent through WhatsApp. To build credibility, attackers may initiate silent WhatsApp voice calls before redirecting victims to a phishing site designed to mimic Google Meet. This page, hosted on Google Sites, employs an EventListener script to capture any entered data and send it to the attackers' server. Indicators of compromise include the domain atlanticcouncil[.]site and specific WhatsApp numbers.

Detected Targets

TypeDescriptionConfidence
CaseAtlantic Council
The Atlantic Council is an American think tank in the field of international affairs, favoring Atlanticism, founded in 1961. It manages sixteen regional centers and functional programs related to international security and global economic prosperity. It is headquartered in Washington, D.C. Atlantic Council has been targeted by Charming Kitten with abusive purposes.
Verified
SectorHuman Rights
High
RegionUnited States
High
RegionMiddle East Countries
High

Extracted IOCs

  • atlanticcouncil[.]site
download

Tip: 1 related IOCs (0 IP, 1 domain, 0 URL, 0 email, 0 file hash) to this threat have been found.