Charming Kitten

Charming Kitten is an Iranian cyber espionage group that has been active since approximately 2014. They appear to focus on targeting individuals of interest to Iran who work in academic research, human rights, and media, with most victims having been located in Iran, the US, Israel, and the UK. Charming Kitten usually tries to access private email and Facebook accounts, and sometimes establishes a foothold on victim computers as a secondary objective. The group's TTPs overlap extensively with another group, Rocket Kitten, resulting in reporting that may not distinguish between the two groups' activities. [1]

ID: G0058
Aliases: Charming Kitten
Version: 1.0

Alias Descriptions

Name | Description
Charming Kitten | [1]

Software

ID | Name | Techniques
S0186 | DownPaper | Command-Line Interface, PowerShell, Query Registry, Registry Run Keys / Startup Folder, Standard Application Layer Protocol, System Information Discovery, System Owner/User Discovery

References