A new Iran-lead phishing campaign has been discovered by Security researchers. They made ads of an interview with a important journalist to trick recipients of clicking. This sort of attack it’s primarily designed to harvest email account info from journalists and political and human rights activists, as well as information about their contacts and networks.

In a report published Wednesday, London-based cyber-security company Certfa tied the impersonation of Fassihi to a hacking group nicknamed Charming Kitten, which has long been associated with Iran. Israeli firm ClearSky Cyber Security provided Reuters with documentation of similar impersonations of two media figures at CNN and Deutsche Welle, a German public broadcaster. ClearSky also linked the hacking attempts to Charming Kitten, describing the individuals targeted as Israeli academics or researchers who study Iran. ClearSky declined to give the specific number of people targeted or to name them, citing client confidentiality.

The researchers also uncovered a new piece of backdoor malware, pdfreader.exe, which changes Windows’ Firewall and Registry settings to run automatically, gather device information and run new malware remotely on the machine.

This was cited out of the report :

Certfa Lab has identified a new series of phishing attacks from the Charming Kitten, the Iranian hacking group who has a close relationship with Iran’s state and Intelligence services. According to our investigation, these new attacks have targeted journalists, political and human rights activists. These phishing attacks are in line with the previous activities of the group that companies like ClearSky and Microsoft have reported in detail in September and October 2019.

However Iran denies operating or even supporting said criminal organization. The spokesman for the Islamic Republic’s mission to the United Nations ‘Alireza Miryousefi’, said that firms claiming otherwise “are merely participants in the disinformation campaign against Iran.”