
RedKitten campaign targeting Iranian dissidents with forged shock lures

Campaign
H score 33
1 unique source, 1 article

Summary


The RedKitten campaign is spreading SloppyMIO malware in Iran, putting NGOs and people documenting protest-related human rights abuses at risk of surveillance and data theft. The operation uses forged shock lures and malicious Excel files to trigger macros and deliver a persistent implant. Researchers first observed the activity in early January 2026, and they said it overlaps with Iran-aligned TTPs. The targeting focus suggests a coordinated effort against dissidents, activists, journalists, and families searching for missing loved ones.

Related Happenings

Ghostwriter geofenced PDF spear-phishing campaign targeting Ukrainian government entities

Campaign
First: 14.05.2026 17:00 Last: 14.05.2026 17:00 Sources 1

About this happening: The **Ghostwriter / FrostyNeighbor** group is running a **geofenced spear-phishing campaign** against **government entities in Ukraine**, and the operation matters because it deli...

REF6598 Obsidian social-engineering campaign targeting finance and crypto users

Campaign
First: 16.04.2026 14:02 Last: 16.04.2026 14:02 Sources 1

About this happening: The **REF6598** operation is using **LinkedIn**, **Telegram**, and **Obsidian** to deliver **PHANTOMPULSE**, creating a targeted intrusion path into **financial** and **cryptocurr...

Iranian MOIS Telegram malware campaign targeting opposition groups

Campaign
First: 23.03.2026 11:45 Last: 23.03.2026 11:45 Sources 1

About this happening: The **FBI** warned that **Iranian MOIS-linked hackers** are using **Telegram C2** and **social engineering** to deliver **Windows malware** against journalists, dissidents, and ot...

Transparent Tribe AI-assisted implant campaign targeting India

Campaign
First: 06.03.2026 17:11 Last: 06.03.2026 17:11 Sources 1

About this happening: **Transparent Tribe (APT36)** is using **AI-powered coding tools** to mass-produce disposable implants in an active **campaign** targeting the **Indian government**, its embassies...

Anonymous Fénix DDoS and volunteer-recruitment campaign

Campaign
First: 23.02.2026 23:59 Last: 23.02.2026 23:59 Sources 1

About this happening: **Anonymous Fénix** escalated its **DDoS** campaign by recruiting volunteers, increasing disruption risk for **government and public-institution domains** across **Spain** and par...

Timeline

  1. 23.01.2026 02:00 2 articles · 4mo ago

    HarfangLab obtains RedKitten samples

    Detection IoC Update

    HarfangLab obtained malicious samples tied to the RedKitten campaign targeting people in Iran, including NGOs, activists, journalists and families documenting human rights abuses, after first observing the activity in early January 2026.
