From cyware.com
Charming Kitten, also referred to as Phosphorous and UNC788, is an Iran-based threat actor group that has been active since 2012. It is one of the most active and persistent threat actors that primarily relies on impersonating log-in pages of legitimate webmail services to collect credentials from its targets. Despite being consistent for over a decade, the group also has a history of operational security (OpSec) errors that disclosed its tactics, techniques, and procedures (TTPs). This includes the malware used by the group to expand its toolset.