A group of hackers from Iran has tried to impersonate employees of renowned media once again by using false identities in order to gather information for the Iranian regime. DW has also been affected.
In mid-August, persons with fake Deutsche Welle identities contacted the staff of a foreign embassy and a leading expert by email.
In these cases, however, the cyberattacks were unsuccessful. These digital attacks are not only directed at journalists or scientists who deal with Iran, but also at critics of the regime and public figures worldwide. With supposed interview requests or invitations, the recipient is asked to click on a link in these emails, which installs malware that makes the victim's personal data vulnerable to attack.
Internet security service Clearsky has disclosed more information in a detailed report. An Iranian cyber spy group, which the company calls "Charming Kittens" is behind this. According to Clearsky, the group supplies the Iranian secret service with the personal information of the victims of the phishing offensive.
The tests were initially run via fake email accounts of respectable journalists and experts. Now, entire websites are being copied in order to gain the trust of the target persons by linking the phishing email to such sites. The criminal creativity here ranges from LinkedIn accounts to authentically copied Google or Instagram start pages. The Iranian hackers use specially created user accounts with German telephone numbers to contact their victims in Germany via WhatsApp.