The Charming Kitten hacking group from Iran (see original report here) has launched a new phishing attack to collect information from public officials connected with the imposition or enforcement of sanctions against Iran. The phishing program relies on untrained security experts at organizations who use 2 factor authentication (2FA) of GMail accounts by SMS, which is not secure. The hackers, believed to be tied to the IRGC, started hacking US banks in connection with sanctions and have since moved on to journalists, think tank executives and political figures who are viewed as being against the Iranian regime.
According to this report, Charming Kitten has spent the last month trying to hack into the private emails 13 US Treasury officials and also targeted Honeywell International Inc., and Science Applications International Corp. to access information on tech break throughs. The campaign also targeted FinCEN.
Cybersecurity experts tied the hackers to sympathizers of the Iranian regime including nuclear officials in Pakistan, Jordan and Syria.