'The most powerful weapon is not always a missile': How Iranian "Charming Kitten" hackers used old Cold War methods to steal tech secrets and plant malware on Apple and Windows users

Iranian Charming Kitten uses deception over sophistication

by · TechRadar

News By Efosa Udinmwen published 5 April 2026


  • Charming Kitten relies on deception rather than exploiting technical software vulnerabilities
  • Fake identities build trust before phishing attacks compromise sensitive user credentials
  • Operations extend across Apple and Microsoft platforms, affecting diverse users globally

Iran-linked cyber operations are drawing renewed attention for relying less on advanced code and more on human manipulation to gain access to sensitive systems.

At the centre of this activity is Charming Kitten, a group associated with Iran’s security apparatus, which has spent years targeting officials, researchers, and corporate employees.

Instead of exploiting technical vulnerabilities, operatives frequently impersonate trusted contacts, using carefully crafted messages to trick victims into revealing credentials or installing malicious software.

Cold War tactics and social engineering

These tactics echo intelligence strategies more commonly associated with Cold War espionage, where access and trust often proved more effective than technical superiority.

Fake online identities — including personas built around attractive or credible profiles — are used to establish relationships before launching phishing attacks.

This approach has enabled the group to operate across both the Apple and Microsoft ecosystems, exposing Mac and Windows users alike to compromise.

Alongside external deception campaigns, investigators have raised concerns about insider threats linked to individuals embedded within major technology firms.
