Iranian State-Sponsored Hackers Target Western Nuclear Experts in New Mac Malware Campaign

Cybersecurity researchers from Proofpoint have uncovered a new espionage campaign conducted by Iranian state-sponsored hackers, targeting Western thinktank members with backdoors. The campaign is notable for its ability to target both Apple and Windows-powered endpoints, adapting to the appropriate operating system as required. The hackers, known as TA453 or Charming Kitten, used phishing emails to impersonate professors and intellectuals engaged in nuclear energy research, luring victims to approve the sending of a research paper. Upon agreement, the victims received a newly identified PowerShell backdoor called GorjolEcho, or the Mac-specific NokNok malware.