Charming Kitten hackers use new ‘NokNok’ malware for macOS

According to a report dated July 6th, 2023, the Iranian APT ATK49/Charming Kitten has updated its techniques to launch an espionage campaign using a new NokNok backdoor.

The threat actor followed its usual modus operandi to gain its victim's trust by using multi-persona impersonation of well-known nuclear security experts in a targeted spearphishing attack against a US-based think tank focused on Middle Eastern affairs and nuclear security.This campaign particularly highlights the evolution of ATK49 to a multi-cloud approach in its efforts to likely minimize disruptions from threat hunters.

Read more about it: here