Israeli security and defense workers were noted by the country's National Cyber Directorate to have been subjected to an ongoing spear-phishing campaign involving infrastructure linked to Iranian state-backed threat operation APT42, also known as Charming Kitten, according to GBHackers News.
Threat actors have used WhatsApp to send malicious messages purporting to be from legitimate organizations that lure recipients into clicking shortened URLs that redirect to credential- and other information-stealing websites, said the alert.
Other intrusions involved the distribution of illicit files for an expanded attack surface, according to researchers, who noted that msnl[.]lnk, which was tapped as a shortened URL service for the campaign, and the recycling of dynamic DNS services were linked to established APT42 attack techniques.
With APT42 leveraging persistent operational resources in its attacks, organizations have been advised to not only track for identified infrastructure links and indicators of compromise but also bolster WhatsApp-based social engineering awareness programs.
Threat actors have used WhatsApp to send malicious messages purporting to be from legitimate organizations that lure recipients into clicking shortened URLs that redirect to credential- and other information-stealing websites, said the alert.
Other intrusions involved the distribution of illicit files for an expanded attack surface, according to researchers, who noted that msnl[.]lnk, which was tapped as a shortened URL service for the campaign, and the recycling of dynamic DNS services were linked to established APT42 attack techniques.
With APT42 leveraging persistent operational resources in its attacks, organizations have been advised to not only track for identified infrastructure links and indicators of compromise but also bolster WhatsApp-based social engineering awareness programs.




