Israel's ClearSky Investigates Growing Iranian Cyber Sophistication
ClearSky and Charming Kitten Clash

Overt Operator
September 12, 2023
Israeli cybersecurity firm ClearSky has uncovered several instances of Iranian hackers impersonating legitimate websites.
One operation, dubbed Ayatollah BBC, involved Iranian-run websites impersonating foreign or Iranian media outlets.
However, ClearSky itself has now become a victim of these Iranian "copy and paste" operations.
Earlier this year, ClearSky discovered that a hacker group known as Charming Kitten, connected to the Iranian government, was still active. This group is considered an "advanced persistent threat," meaning it consists of highly skilled hackers.
Charming Kitten made headlines when one of its members was involved in hacking into the HBO television network and stealing files, including “Game of Thrones” scripts.
ClearSky researchers found that Charming Kitten often utilizes "watering hole" attacks. These attacks involve using legitimate or seemingly innocent websites to infect users with malware, allowing the hackers to spy on them. For example, the group created a website that impersonated the German paper Deutsche Welle's site.
Another significant discovery was the insertion of a malicious page into the website of the Jewish Journal, a Los Angeles Jewish community paper. This page encouraged users to participate in a webinar, but it contained a link that activated a program called BeEF, which can exploit browser vulnerabilities.
Perhaps one of ClearSky's most interesting findings was the group's impersonation of the Israeli firm itself. Charming Kitten created a website almost identical to ClearSky's, with a slightly different address ending in ".net" rather than ".com." Researchers noticed some broken links on the fake site, indicating that it is still under development.
The motive behind this impersonation is unclear. Yet, the attack highlights the sophistication and audacity of these Iranian hackers.
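A defender can watch DNS or proxy logs for the kind of lookalike address described above, where the name is kept and only the ending changes. The sketch below is an added example, not code from ClearSky or from the original article; the brand `examplecorp`, its owned suffix, the short suffix table and the sample hostnames are all constructed assumptions, and it also flags one-character misspellings, which goes slightly beyond the case in the text.

```python
import ipaddress

# Assumption (constructed): brand label -> suffixes the organisation really owns.
PROTECTED = {"examplecorp": {"com"}}
# Assumption: tiny stand-in for the Public Suffix List; use the real list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "co.il", "com.au"}

def split_domain(host):
    """Return (registrable label, suffix), or None for IPs and bare names."""
    host = host.strip().rstrip(".").lower()
    try:
        ipaddress.ip_address(host)
        return None                      # raw IP address, nothing to compare
    except ValueError:
        pass
    parts = host.split(".")
    if len(parts) >= 3 and ".".join(parts[-2:]) in MULTI_LABEL_SUFFIXES:
        return parts[-3], ".".join(parts[-2:])
    if len(parts) >= 2 and all(parts):
        return parts[-2], parts[-1]
    return None

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(host):
    parsed = split_domain(host)
    if parsed is None:
        return "ignore"
    label, suffix = parsed
    for brand, owned in PROTECTED.items():
        if label == brand:               # same name: is the ending one we own?
            return "legitimate" if suffix in owned else "suffix-swap"
        if edit_distance(label, brand) == 1:
            return "near-miss"           # one typo away from the brand
    return "unrelated"

# Constructed sample of observed hostnames (not from the article).
OBSERVED = ["www.examplecorp.com", "examplecorp.net", "login.examp1ecorp.com",
            "examplecorp.co.uk", "news.example.org", "192.0.2.10"]

def triage(hosts):
    """Return only the hostnames that need an analyst's attention."""
    return {h: c for h in hosts if (c := classify(h)) in ("suffix-swap", "near-miss")}

if __name__ == "__main__":
    for host, verdict in triage(OBSERVED).items():
        print(f"{verdict:12} {host}")
```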
ClearSky's report serves as a reminder that organizations need to remain vigilant and take proactive measures to protect themselves from cyber threats.
In conclusion, ClearSky's exposure of Iranian hackers impersonating websites underscores the ongoing threat posed by these sophisticated cybercriminals. As attacks become more advanced, cybersecurity firms and organizations must continue to stay one step ahead in defending against these malicious actors.