Germany’s domestic intelligence service published a cyber espionage warning that a suspected state-sponsored threat group was targeting Iranian dissidents living in Germany and abroad.

The Federal Office for the Protection of the Constitution (BfV) called on critics of the Iranian leadership in Germany, including dissidents, lawyers, journalists, and human rights activists, to be more vigilant against cyber espionage targeting Iranians in exile.

The Federal Office said in a statement that it suspected a network of Iranian professional hackers known as Charming Kitten to target the Iranian opposition and exiles based in Germany.

According to Germany’s domestic intelligence service, the attackers use a sophisticated, multi-step process to identify and spy on critics of the Iranian regime.

It employs spear phishing tactics, acquiring sensitive information by sending counterfeit, legitimate messages.

The aim is to gain access to online services such as email accounts, cloud storage, or messenger services used by the potential victim.

In the first step, the attacker explores the preferences and interests of their prey, including claims of a political nature.

They then establish personal contact and seek to lull their target into a false sense of security by giving the impression of being harmless.

Next, the victim is invited to an online video chat, in which they must enter login details to a link sent by the hacker. The attacker can subsequently access this information to access online accounts.

The cyber-attacks were mainly directed at dissident organizations, parties, lawyers, journalists, and human rights activists in Iran and abroad.

Charming Kitten pretends that victims communicate with real people, some of whom are publicly known, such as journalists or NGO employees.