The sub-techniques beta is now live! Read the release blog post for more info.

Charming Kitten

Charming Kitten is an Iranian cyber espionage group that has been active since approximately 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. Charming Kitten usually tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective. The group's TTPs overlap extensively with another group, Magic Hound, resulting in reporting that may not distinguish between the two groups' activities. [1]

ID: G0058
Version: 1.0
Created: 16 January 2018
Last Modified: 22 March 2019


ID Name References Techniques
S0186 DownPaper [1] Command-Line Interface, PowerShell, Query Registry, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, System Information Discovery, System Owner/User Discovery