Charming Kitten hackers use new ‘NokNok’ malware for macOS
Security researchers have identified a new campaign, which they attribute to the Charming Kitten APT group, in which hackers used new malware called NokNok that targets macOS systems.
The campaign began in May and relies on a different infection chain than previously seen, with LNK files deploying the payloads instead of the malicious Word documents typical of the group's previous attacks.
Charming Kitten, also known as APT42 or Phosphorus, has launched at least 30 operations in 14 countries since 2015, according to Mandiant.
Google linked the threat actor to the Iranian state, and more specifically to the Islamic Revolutionary Guard Corps (IRGC).
In September 2022, the US government was able to identify and indict members of the threat group.
Proofpoint reports that the threat actor has now abandoned macro-based infection methods involving Word documents and has instead developed LNK files to load the payload of.