Charming Kitten Targets NGOs and Media with Phishing Attacks via WhatsApp
- Actor Motivations: Espionage,Exfiltration
- Attack Vectors: Spear Phishing
- Attack Complexity: Low
- Threat Risk: Low Impact/High Probability
Threat Overview
Charming Kitten has launched a new cyber campaign targeting NGOs and media organizations in Western and Middle Eastern countries. The campaign begins with initial contact via a Yahoo email, followed by a phishing link sent through WhatsApp. To build credibility, attackers may initiate silent WhatsApp voice calls before redirecting victims to a phishing site designed to mimic Google Meet. This page, hosted on Google Sites, employs an EventListener script to capture any entered data and send it to the attackers' server. Indicators of compromise include the domain atlanticcouncil[.]site and specific WhatsApp numbers.
Detected Targets
Type | Description | Confidence |
---|---|---|
Case | Atlantic Council The Atlantic Council is an American think tank in the field of international affairs, favoring Atlanticism, founded in 1961. It manages sixteen regional centers and functional programs related to international security and global economic prosperity. It is headquartered in Washington, D.C. Atlantic Council has been targeted by Charming Kitten with abusive purposes. | Verified |
Sector | Human Rights | High |
Region | United States | High |
Region | Middle East Countries | High |
Extracted IOCs
- atlanticcouncil[.]site
Tip: 1 related IOCs (0 IP, 1 domain, 0 URL, 0 email, 0 file hash) to this threat have been found.