February 22, 2024 at 10:21AM
State-sponsored cyber operations are increasingly targeting policy experts in the Middle East and Ukraine. Charming Kitten/CharmingCypress, an Iran-linked group, employs social engineering tactics and malware to compromise targets. Other groups, such as ColdRiver and Jordan-based actors, have also used similar methods to target experts. Volexity advises experts to be vigilant against these persistent threats.
After reviewing the meeting notes, here are the key takeaways:
1. **Targeting of Policy Experts:** State-sponsored groups have been increasingly targeting policy experts in the Middle East, Ukraine, and worldwide, using extensive social engineering tactics to compromise their targets.
2. **Charming Kitten’s Tactics:** The Iran-linked group, Charming Kitten, also known as CharmingCypress and APT42, has been using phony webinar platforms and Trojan-rigged VPN applications to gain access to targeted victims and install malware. The group’s extensive social engineering tactics and a long confidence game have been highlighted.
3. **Other Threat Actors:** Russia-linked ColdRiver group and a subgroup of Mint Sandstorm have also targeted policy experts using similar social engineering tactics, as well as the exploitation tactics reportedly used by government agencies in Jordan.
4. **Persistence and Advanced Tactics:** These threat actors demonstrate persistence and commitment in conducting surveillance on their targets to manipulate them and deploy malware, making defending against their attacks more challenging.
5. **Defense Strategies:** Policy experts must remain vigilant against cold contacts, be cautious of links and files, and avoid entering credentials or authorizing downloads from unknown sources. It’s crucial for them to understand that these threat actors will continue to target them even if initial attempts fail.
This summary captures the critical points discussed in the meeting notes regarding the targeted cyber operations against policy experts conducted by state-sponsored groups.