NAME:
Charming Kitten
Alias
Newscaster, Parastoo, iKittens, Group 83, Newsbeef, Charming Kitten
Description:
Charming Kitten is an Iranian cyberespionage group that has been active since around 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. It usually tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers.
The group's TTPs overlap extensively with another group, Rocket Kitten.
References:
https://en.wikipedia.org/wiki/Operation_Newscaster
https://iranthreats.github.io/resources/macdownloader-macos-malware/
https://www.isightpartners.com/2014/05/newscaster-iranian-threat-inside-social-media/
https://www.forbes.com/sites/thomasbrewster/2017/07/27/iran-hackers-oilrig-use-fake-personas-on-facebook-linkedin-for-cyberespionage/
https://cryptome.org/2012/11/parastoo-hacks-iaea.htm
https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
https://securelist.com/blog/software/74503/freezer-paper-around-free-meat/
https://www.verfassungsschutz.de/download/broschuere-2016-10-bfv-cyber-brief-2016-04.pdf