Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
Iranian cyber actors have been identified impersonating a German model agency in a suspected espionage operation. The attackers created a fraudulent website mimicking the authentic agency's branding and content, which triggers obfuscated JavaScript to capture detailed visitor information. This data collection enables selective targeting. The website also replaces a real model's profile with a fake one, likely for social engineering purposes. The operation's complexity and methods suggest involvement of an Iranian threat group, possibly overlapping with Agent Serpens (APT35 or Charming Kitten). This group is known for targeting Iranian dissidents, journalists, and activists abroad. The fake website includes sophisticated data collection routines and dynamic profile alterations, indicating an ongoing and evolving threat.
Pulse ID: 681b3957829a1697e47b11e9
Pulse Link: https://otx.alienvault.com/pulse/681b3957829a1697e47b11e9
Pulse Author: AlienVault
Created: 2025-05-07 10:43:35
Be advised, this data is unverified and should be considered preliminary. Always do further verification.