Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation
Summary
Palo Alto Networks' cyber security division, Unit 42, has identified and analysed a suspected Iranian APT group's infrastructure that has been impersonating a German model agency, complete with a fraudulent website.
The website closely replicates the real agency’s branding and content, but the imitation includes an obfuscated script designed to harvest detailed information about visitors.
The information harvested is believed to be used to enable targeted attacks, and the group has already set up a fake model profile as a likely initial social engineering step.
While the group has not yet interacted with any victims directly, the information collected could be used in future targeted attacks, possibly via spear phishing.
Palo Alto Networks has ascertained that the group operates in a similar manner to the threat group known as Agent Serpens, also known as APT35 or Charming Kitten.
This group is known for conducting espionage campaigns against Iranian dissidents, journalists and activists, particularly those living abroad.
Unit 42 has notified its customers of the potential threat and highlighted the following services as effective mitigations: Advanced URL Filtering, Advanced DNS Security and Advanced Threat Prevention.