Intel Name: Iranian cyber actors impersonate model agency in suspected espionage operation
Date of Scan: May 9, 2025
Impact: Medium
Summary: A suspected Iranian cyber espionage operation was discovered impersonating a German modeling agency. The attackers created a fake website that replicated the real agency’s branding and used obfuscated JavaScript to secretly collect visitor data such as IP addresses, browser fingerprints, and screen resolutions. A fake model profile with a non-functional private album link suggests preparation for targeted social engineering. While no victim interaction has been confirmed, the site may be intended for spear-phishing campaigns. The activity is likely linked to an Iranian threat group, possibly APT35 (Charming Kitten), known for targeting Iranian dissidents, journalists, and activists abroad.
