'The most powerful weapon is not always a missile': How Iranian "Charming Kitten" hackers used old Cold War methods to steal tech secrets and plant malware on Apple and Windows users

Date:
Sun, 05 Apr 2026 18:25:00 +0000

Description:
Irans Charming Kitten group relies on deception, insider access, and low-tech methods to steal trade secrets and compromise systems.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Charming Kitten relies on deception rather than exploiting technical software vulnerabilities Fake identities build
trust before phishing attacks compromise sensitive user credentials
Operations extend across Apple and Microsoft platforms, affecting diverse users globally Iran-linked cyber operations are drawing renewed attention for relying less on advanced code and more on human manipulation to gain access
to sensitive systems.

At the centre of this activity is Charming Kitten, a group associated with Irans security apparatus which has spent years targeting officials, researchers, and corporate employees. Instead of exploiting technical vulnerabilities, operatives frequently impersonate trusted contacts, using carefully crafted messages to trick victims into revealing credentials or installing malicious software. Article continues below You may like Microsoft warns infostealer malware is 'rapidly expanding beyond traditional Windows-focused campaigns' and targeting Mac devices Watch out Microsoft
Teams users - hackers are spreading a dangerous new phishing scam, here's
what we know 'What begins as a phone call from 'IT support' ends with a fully instrumented network compromise': This fake tech support scam tricks
employees into infecting their own company devices Cold War tactics and
social engineering These tactics echo intelligence strategies more commonly associated with Cold War espionage, where access and trust often proved more effective than technical superiority.

Fake online identities including personas built around attractive or
credible profiles are used to establish relationships before launching phishing attacks.

This approach has enabled the group to operate across platforms used by both Apple and Microsoft ecosystems, exposing both Mac and Windows users to compromise.

Alongside external deception campaigns, investigators have raised concerns about insider threats linked to individuals embedded within major technology firms. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar
Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

A high-profile case involving members of the Ghandali family centres on allegations of trade secret theft from companies including Google .

Prosecutors claim that sensitive data related to processor security and cryptography was extracted over time and transferred outside the United States.

Ex-counterintelligence officials describe the method as a slow, deliberate extraction carried out by actors with training or external direction. What to read next North Korean hackers use AI-generated video to deliver malware for macOS and Windows North Korean hackers using malicious QR codes in spear phishing, FBI warns Signal is being targeted by Russian hackers in a huge new phishing campaign, FBI says

Rather than relying on digital exfiltration tools, some of the alleged activity involved photographing computer screens a low-technology method designed to avoid detection by cybersecurity systems.

The most damaging breaches often originate from within, one expert noted, adding that trusted access can bypass even advanced defenses.

Analysts argue that these operations reflect a wider intelligence framework that combines cyber activity, human networks, and surveillance capabilities.

Former officials state that Iran has developed a layered approach that includes recruitment, online intelligence gathering, and procurement
channels.

One source described Iran as the third most sophisticated adversary, adding that its activities were underestimated for years compared with those of larger rivals.

The same networks have also been linked to monitoring dissidents abroad, indicating that operations are not limited to economic or military
objectives.

This dual focus external competition and internal control complicates assessments of intent and scale.

Cases such as that of Monica Witt, who allegedly provided intelligence to
Iran after defecting, reinforce concerns about insider cooperation.

Staying safe from phishing and espionage requires a layered approach to digital security. Users should verify identities before sharing credentials
or sensitive information.

Strong, unique passwords combined with multi-factor authentication help limit account compromise.

Also, installing reliable antivirus software protects against known threats, while maintaining an active firewall prevents unauthorized access.

In addition, trusted malware removal tools can detect and eliminate
suspicious activity before it spreads.

Via MSN Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



======================================================================
Link to news story: https://www.techradar.com/pro/security/the-most-powerful-weapon-is-not-always- a-missile-how-iranian-charming-kitten-hackers-used-old-cold-war-methods-to-ste al-tech-secrets-and-plant-malware-on-apple-and-windows-users


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)