Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation

SUMMARY :

Iranian cyber actors have been identified impersonating a German model agency in a suspected espionage operation. The attackers created a fraudulent website mimicking the authentic agency's branding and content, which triggers obfuscated JavaScript to capture detailed visitor information. This data collection enables selective targeting. The website also replaces a real model's profile with a fake one, likely for social engineering purposes. The operation's complexity and methods suggest involvement of an Iranian threat group, possibly overlapping with Agent Serpens (APT35 or Charming Kitten). This group is known for targeting Iranian dissidents, journalists, and activists abroad. The fake website includes sophisticated data collection routines and dynamic profile alterations, indicating an ongoing and evolving threat.

OPENCTI LABELS :

espionage,phishing,social engineering,javascript,data collection


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Iranian Cyber Actors Impersonate Model Agency in Suspected Espionage Operation