{"id":657,"date":"2020-09-04T17:32:59","date_gmt":"2020-09-04T17:32:59","guid":{"rendered":"https:\/\/kdmarc.com\/blog\/?p=657"},"modified":"2024-08-14T15:30:45","modified_gmt":"2024-08-14T10:00:45","slug":"charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback","status":"publish","type":"post","link":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/","title":{"rendered":"Charming Kitten Made a Comeback Using WhatsApp and LinkedIn"},"content":{"rendered":"<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp. In its new approach, it impersonates Persian-speaking journalists on these social media platforms to trick victims into opening malicious links. <\/span><\/p><div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 ez-toc-wrap-center counter-hierarchy ez-toc-counter ez-toc-light-blue ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">Table of Contents<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #414141;color:#414141\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #414141;color:#414141\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-1'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#How_was_the_Attack_Perpetrated\" >How was the Attack Perpetrated?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#Book_a_Free_Demo_Call_with_Our_People_Security_Expert\" >Book a Free Demo Call with Our People Security Expert<\/a><ul class='ez-toc-list-level-4' ><li class='ez-toc-heading-level-4'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#Enter_your_details\" >Enter your details<\/a><\/li><\/ul><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#Charming_Kittens_New_Attempts_to_Con_Victims\" >Charming Kitten&#8217;s New Attempts to Con Victims<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#Keep_Your_Employees_Email_Accounts_Secured\" >Keep Your Employees\u2019 Email Accounts Secured<\/a><\/li><\/ul><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">Charming kitten is mainly aiming to launch cyber attacks on Israeli scholars from Haifa and Tel Aviv Universities and U.S. government employees.&nbsp;<\/span><span style=\"font-weight: 400; color: #000000;\">Security analysts have claimed that the first malicious activity by Charming Kitten was recorded in July. <\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">Hackers have been falsely posing as popular writers for the Deutsche Welle and Jewish Journal outlets. They were perpetrating attacks on potential victims via malicious emails, and WhatsApp messages and calls. <\/span><span style=\"font-weight: 400; color: #000000;\">Furthermore, these cybercriminals have created fake LinkedIn profiles registered in the names of well-known journalists to deceive their victims. <\/span><\/p>\n<p style=\"text-align: justify;\"><span style=\"font-weight: 400; color: #000000;\">Their ultimate agenda is to manipulate victims into clicking on malicious links that would redirect them to a spoofed login page wherein they would be requested to submit their credentials.&nbsp;<\/span><\/p>\n\n<style type=\"text\/css\">\n      @media print, screen and (max-width: 63.99875em){\n      .tnp-submit\n      width: 48%;\n      }\n      .wp-block-tnp-minimal{\n      padding: 20px;\n      }\n      .blog_para\n      margin-top: 4px !important;\n      line-height: 25px !important;\n      font-size: 15px !important;\n      }\n\n      }\n      .blog_para{\n      font-family: jost,sans-serif;\n      margin-top: 14px;\n      margin-bottom: 30px;\n      color: #fff;\n      font-size: 15px !important;\n      color: black !important;\n\n      }\n\n      .wp-block-tnp-minimal{\n      padding:20px;\n      border: 1px solid grey;\n      }\n\n      .tnp-submit a{\n        background: #1d58c7!important;\n    border-radius: 5px!important;\n    text-transform: inherit!important;\n    padding: 8px 25px!important;\n    font-weight: 600!important;\n    color: #fff!important;\n    width: 30%!important;\n    border: none;\n      }\n\n      .blog_get{\n      font-size: 24px !important;\n      font-weight: 700;\n      padding-bottom: 0px;\n    font-family: 'Poppins' !important;\n      margin-bottom: 0px;\n      margin-top: 0px;\n      margin-bottom: 0px !important;\n      color: white;\n          line-height: 30px;\n          color: white;\n      }\n      .row{\n             display: flex;\n    flex-wrap: wrap;\n    flex-direction: row;\n    padding: 25px 0px 25px 36px;\n    align-items: center;\n\n      }\n\n.colLeft{\n         flex-basis:50%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n    color: white;\n}\n    \n .colRight{\n       flex-basis: 45%;\n    -webkit-box-flex: 0;\n    flex-grow: 0;\n    max-width: 50%;\n }\n\n.tnp-subscription-minimal{\n    float: right;\n}\n<\/style>\n<div style=\"max-width: 741px; margin: 0 auto; background-image: url('https:\/\/awareness.threatcop.ai\/marketing\/linkedinlowerbanner.webp'); background-repeat: no-repeat; background-size: cover; background-position: center; \">\n<div class=\"row\">\n<div class=\"colLeft\">\n<p class=\"blog_get\" style=\"font-family: 'Poppins' !important; color: white !important\">Subscribe to Our Newsletter On Linkedin<\/p>\n<p class=\"blog_para\" style=\"font-size: 16px;font-family: 'Poppins' !important; color: white !important; margin-top: 10px; margin-bottom: 28px;line-height: 25px;\">Sign up to Stay Tuned with the Latest Cyber Security News and Updates<\/p>\n\n<div>\n<div class=\"tnp\" style=\"margin-bottom: 10px;\">\n            <form action=\"https:\/\/threatcop.com\/newsletter-thank-you\" method=\"get\" target=\"_blank\">\n<div class=\"tnp-submit\">\n                  <a class=\"libutton\" href=\"https:\/\/www.linkedin.com\/build-relation\/newsletter-follow?entityUrn=7062043746430783488\" target=\"_blank\" rel=\"noopener\">Subscribe<\/a><\/div>\n<\/form><\/div>\n<\/div>\n<\/div>\n<div class=\"colRight\">\n<div>\n<div class=\"tnp tnp-subscription-minimal \">\n            <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/marketing\/newsletter-icon.webp\" class=\"img-fluid\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n<h1 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"How_was_the_Attack_Perpetrated\"><\/span><span style=\"color: #000000;\"><b>How was the Attack Perpetrated?<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h1>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Pretending to be writers of German and Persian origin, the cybercriminals created fake LinkedIn profiles. They sent out LinkedIn messages to victims on their personal accounts in order to manipulate them. <\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">By taking up the names of popular journalists and writers on their fake social media handles, these hackers made sure that the victims felt that the messages were coming from reliable sources.&nbsp;<\/span><\/p>\n\n\n\n<!DOCTYPE html>\n<html lang=\"en\">\n\n<head>\n    <meta charset=\"UTF-8\">\n    <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    <title>Document<\/title>\n<\/head>\n\n<style>\n    .interestedBtn {\n        width: 80% !important;\n        box-sizing: border-box !important;\n        display: inline-block !important;\n        padding: 11px !important;\n        border: 1px !important;\n        border-color: #ddd !important;\n        margin-top: 10px !important;\n        background-color: #183e8b !important;\n        background-image: none !important;\n        text-shadow: none !important;\n        color: #fff !important;\n        font-size: 14px !important;\n        line-height: 20px !important;\n        border-radius: 5px !important;\n        margin: 0 !important;\n        cursor: pointer !important;\n        box-shadow: 0px 4.66px 22.99px 0px rgba(0, 0, 0, 0.10);;\n    }\n\n\n        .formSec .formSecTwo{\n            padding-top: 15px !important;\n            margin-bottom: 30px !important;\n        }\n\n\n    .tnp-email {\n        width: 80% !important;\n        box-sizing: border-box;\n        padding: 8px 10px;\n        display: inline-block;\n        border: 1px solid #ced4da;\n        background: #fff;\n        color: #000 !important;\n        font-size: 13px;\n        line-height: 20px;\n        border-radius: 2px;\n        padding-right: 30px;\n        margin-bottom: 0px;\n    }\n\n    .formSec {\n        border: 1px solid #ced4da;\n        float: left !important;\n        width: 55% !important;\n    }\n\n    .mainBox {\n       \/* border: 1px solid #183e8b;*\/\n         background: white;\n        max-width: 600px !important;\n        margin: 0 auto !important;\n        padding: 20px !important;\n        font-family: Arial, Helvetica, sans-serif !important;\n    }\n\n    .boxDiv {\n        display: flex !important;\n    }\n\n    .boxConsult {\n        float: left !important;\n        width: 45% !important;\n        padding: 10px !important;\n    }\n\n    .formSecTwo {\n        text-align:center !important;\n        width: 100% !important;\n    }\n\n    .formHeading {\n        font-family: Arial, Helvetica, sans-serif;\n        margin-top: 0px;\n        font-weight: 700;\n        line-height: 25px;\n        font-size: 18px !important;\n        \n       margin-bottom: 60px !important;\n       color: #000!important;\n          margin-top: 5px !important;\n    }\n\n    .fieldHeading {\n        margin: 0 !important;\n        font-size: 13px !important;\n        text-align: left !important;\n        margin: 0px 39px 2px 93px !important;\n        font-weight: 500 !important;\n    }\n\n    .image {\n        max-width:90% !important;\n        height: auto !important;\n    }\n\n     .email-icon {\n            position: absolute;\n            right: 50px;\n             top: 20px;\n            transform: translateY(-50%);\n            pointer-events: none; \n        }\n\n          .email-container{\n             position: relative;\n         \n        }\n       \n\n        .email-icon img{\n                 width: 15px;\n        }\n\n\n         input::placeholder {\n            color:#495057;\n        }\n\n\n     ::placeholder {\n        color: #495057;\n    }\n\n        ::-ms-input-placeholder { \n          color:#495057;\n        }\n\n\n        input:-webkit-autofill {\n            background-color: transparent !important;\n            -webkit-box-shadow: 0 0 0px 1000px white inset !important; \n            box-shadow: 0 0 0px 1000px white inset !important;\n            color: #495057 !important; \n        }\n\n        \n        input {\n            color:#495057 !important;\n        }\n\n\n    @media screen and (max-width: 480px) {\n        .boxDiv {\n            display: block !important;\n            padding: 15px !important;\n         \n        }\n\n        .image{\n        width: 80% !important;\n         margin-bottom: 14px;\n        }\n        .fieldHeading {\n            text-align: left !important;\n            margin: unset !important;\n        }\n\n        .boxConsult {\n            width: unset !important;\n            float: none !important;\n        }\n\n        .mainBox {\n            border: unset !important;\n        }\n\n        .formSec {\n            float: unset !important;\n            width: 100% !important;\n        }\n\n        .formSecTwo {\n            text-align: center !important;\n        }\n\n        .tnp-email {\n            width: 90% !important;\n        }\n\n        .formHeading {\n            margin-bottom: unset !important;\n        }\n\n         .email-icon {\n            position: absolute;\n            right: 25px;\n            top: 58%;\n            transform: translateY(-50%);\n            pointer-events: none; \/* Make sure the icon doesn't block clicking on the input *\/\n        }\n       \n        .email-container{\n             position: relative;\n        }\n\n    }\n<\/style>\n\n<body>\n\n    <div class=\"mainBox\" box-sizing:=\"\" border-box;=\"\">\n\n        <div class=\"boxDiv\">\n\n            <div class=\"boxConsult\">\n                <div>\n                    <h3 class=\"formHeading\" style=\" font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Book_a_Free_Demo_Call_with_Our_People_Security_Expert\"><\/span>\n                        Book a Free Demo Call with Our People Security Expert<span class=\"ez-toc-section-end\"><\/span><\/h3>\n                <\/div>\n                <img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/form.svg\" class=\"image\">\n            <\/div>\n\n            <div class=\"formSec\">\n                <div class=\" formSecTwo\">\n                    <h4 style=\"margin-top: 0; font-size: 16px !important;\"><span class=\"ez-toc-section\" id=\"Enter_your_details\"><\/span>Enter your details<span class=\"ez-toc-section-end\"><\/span><\/h4>\n                    <div class=\"tnp tnp-subscription-minimal\">\n                        <form action=\"https:\/\/threatcop.com\/thankyou-blog\" method=\"get\" target=\"_blank\">\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n\n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"FullName\" value=\"\"\n                                    placeholder=\"Full Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon01.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"email\" required=\"\" name=\"email\" value=\"\"\n                                    placeholder=\"Corporate Email Id\">\n                                     <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon02.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n\n                            <div class=\"email-container\" style=\"margin-bottom:20px;\">\n                               \n                                <input class=\"tnp-email\" type=\"text\" required=\"\" name=\"CompanyName\" value=\"\"\n                                    placeholder=\"Company Name\">\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon03.svg\" class=\"img-fluid\" \/><\/span>\n\n                            <\/div>\n\n                            <div class=\"email-container\">\n                               \n                                <input class=\"tnp-email\" type=\"number\" required=\"\" name=\"Phone\" value=\"\"\n                                    placeholder=\"Phone No.\"><br>\n                                    <span class=\"email-icon\"><img decoding=\"async\" src=\"https:\/\/awareness.threatcop.ai\/threatcop_blog\/icon04.svg\" class=\"img-fluid\" \/><\/span>\n                            <\/div>\n                            <input type=\"hidden\" name=\"BlogForm\" value=\"BlogForm\"><br>\n                            <input class=\"tnp-submit interestedBtn\" name=\"submit\" type=\"submit\"\n                                value=\"SUBMIT\">\n\n                        <\/form>\n                    <\/div>\n                <\/div>\n            <\/div>\n\n        <\/div>\n    <\/div>\n\n<\/body>\n\n<\/html>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The fraudulent link was enclosed within an authorized Deutsche Welle domain, making it even more difficult to detect the fraud.&nbsp; Attempts were also made to send a malicious ZIP file along with the message that was sent to the victim via the forged LinkedIn profiles.&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The attack was also perpetrated via WhatsApp, where the cyber attackers talked to the victims personally via WhatsApp calls, manipulating them into clicking on malicious links. Making use of these two social media platforms, it was more convenient for hackers to reach their victims.&nbsp;<\/span><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter\"><img decoding=\"async\" src=\"https:\/\/media.threatpost.com\/wp-content\/uploads\/sites\/103\/2019\/02\/04145647\/APT_Kitten_APT.png\" alt=\"Charming Kitten \"\/><figcaption class=\"wp-element-caption\"><span style=\"color: #000000;\">(Source: Threatpost)<\/span><\/figcaption><\/figure>\n<\/div>\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Charming_Kittens_New_Attempts_to_Con_Victims\"><\/span><span style=\"color: #000000;\"><b>Charming Kitten&#8217;s New Attempts to Con Victims<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Charming Kitten has been active since 2014 and has always relied on email and messages to carry out its malicious activities. Also known as Ajax or APT35, this gang of Iranian hackers uses spear-phishing as their attack vector in the majority of cases. The group recently tried to hack into the email accounts tied to the 2020 Trump re-election campaign as well.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">However, hackers recently changed their course of action by relying on social media platforms such as WhatsApp and LinkedIn. They misused these platforms to support their spear-phishing email campaign to make it all look to have come from legitimate sources. <\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">In the spear phishing emails, hackers of the Charming Kitten group impersonated Deutsche Welle journalists, fluent in Farsi, to deceive targeted receivers. Other victims received spoofed emails that impersonated an Israeli scholar from Tel Aviv University, requesting recipients to join a Zoom meeting in Hebrew. <\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">Hackers also posed as journalists from the Jewish Journal, requesting victims who were all mainly university students, to join a webinar on \u201ccitizenship and freedom of girls and women in Iran and its future.\u201d&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">The attackers made sure that they gained the trust of the victims by keeping them in a conversational loop in the webinar. They deployed various tactics to increase the interest of the victims by nominating them as the main speaker of the webinar.<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After establishing a cordial relationship with them, the cyber attackers invited them to connect over WhatsApp. The conversation was further extended and the victims didn\u2019t suspect any evil intention since the number used by the hackers was a legitimate German number (with the prefix +49).&nbsp;<\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">After the attackers were sure that they had successfully gained the trust of their victims, the second wave of messages sent by them included emails with malicious links. When targets clicked on the link, they were redirected to Akademie AW&#8217;s spoofed landing page. <\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"font-weight: 400; color: #000000;\">There they were asked to sign up on the page to activate their accounts. Reportedly, researchers have traced back the malicious links to be linked to an authorized Deutsche Welle domain!<\/span><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Keep_Your_Employees_Email_Accounts_Secured\"><\/span><span style=\"color: #000000;\"><b>Keep Your Employees\u2019 Email Accounts Secured<\/b><\/span><span class=\"ez-toc-section-end\"><\/span><\/h3>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"font-weight: 400;\">Due to the rampant increase in the number of<\/span> email spoofing activities<span style=\"font-weight: 400;\">, it is imperative for CISOs, CIOs, and other security equivalents to implement robust<\/span> email authentication protocols<span style=\"font-weight: 400;\">. Making these protocols a part of the company\u2019s<\/span> email security help in securing your <span style=\"font-weight: 400;\">email domain against email-based attacks such as spoofing and BEC attacks.<\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><span style=\"color: #0000ff;\"><a style=\"color: #0000ff;\" href=\"https:\/\/threatcop.com\/blog\/what-is-dmarc\/\" target=\"_blank\" rel=\"noopener noreferrer\"><b><span style=\"color: #183994;\">DMARC<\/span><\/b><\/a><\/span><\/span> <span style=\"color: #000000;\">is the best email authentication standard, which in alignment with <span style=\"color: #183994;\"><strong><a style=\"color: #183994;\" href=\"https:\/\/threatcop.com\/blog\/spf-and-dkim\/\">DKIM and <\/a><\/strong><\/span><span style=\"color: #0000ff;\"><span style=\"color: #183994;\"><strong>SPF<\/strong><\/span><a style=\"color: #0000ff;\" href=\"https:\/\/kdmarc.com\/blog\/spf-an-authentication-technique-for-dmarc\/\" target=\"_blank\" rel=\"noopener noreferrer\"><span style=\"color: #000000;\">,<\/span><\/a>&nbsp;<span style=\"color: #000000;\">not only secures the email domain against malicious activities but also enhances the email deliverability rate.&nbsp; In fact, <span style=\"color: #0000ff;\"><strong><a style=\"color: #0000ff;\" href=\"https:\/\/threatcop.com\/tdmarc\"><span style=\"color: #183994;\">TDMARC<\/span><\/a><\/strong><\/span> is the most recommended tool to configure DMARC in your organization.&nbsp;<\/span><\/span><\/span><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><span style=\"color: #000000;\"><strong>TDMARC offers the following benefits:&nbsp;<\/strong><\/span><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><span style=\"color: #414141;\"><strong>Secures email domains from being exploited by threat actors<\/strong><\/span><\/li>\n\n\n\n<li><span style=\"color: #414141;\"><strong>Identifies all the top sources abusing your domain<\/strong><\/span><\/li>\n\n\n\n<li><span style=\"color: #414141;\"><strong>Protects brand reputation, customer base, and business<\/strong><\/span><\/li>\n\n\n\n<li><span style=\"color: #414141;\"><strong>Improves email deliverability and boosts engagement rate<\/strong><\/span><\/li>\n\n\n\n<li><span style=\"color: #414141;\"><strong>Gives full insight into email channels including third-party emails and abuse<\/strong><\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp. In its new approach, it impersonates Persian-speaking journalists on these social media platforms to trick victims into opening malicious links. Charming kitten is mainly aiming to launch cyber attacks on Israeli scholars from Haifa and Tel Aviv [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":7461,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41],"tags":[],"class_list":["post-657","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-attacks"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Charming Kitten Resurfaces on WhatsApp and LinkedIn<\/title>\n<meta name=\"description\" content=\"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Charming Kitten Resurfaces on WhatsApp and LinkedIn\" \/>\n<meta property=\"og:description\" content=\"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/\" \/>\n<meta property=\"og:site_name\" content=\"Threatcop\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/\" \/>\n<meta property=\"article:published_time\" content=\"2020-09-04T17:32:59+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-08-14T10:00:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"1200\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Threatcop\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatcop\" \/>\n<meta name=\"twitter:site\" content=\"@threatcop\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Threatcop\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/\"},\"author\":{\"name\":\"Threatcop\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\"},\"headline\":\"Charming Kitten Made a Comeback Using WhatsApp and LinkedIn\",\"datePublished\":\"2020-09-04T17:32:59+00:00\",\"dateModified\":\"2024-08-14T10:00:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/\"},\"wordCount\":836,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp\",\"articleSection\":[\"Cyber Attacks\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/\",\"name\":\"Charming Kitten Resurfaces on WhatsApp and LinkedIn\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp\",\"datePublished\":\"2020-09-04T17:32:59+00:00\",\"dateModified\":\"2024-08-14T10:00:45+00:00\",\"description\":\"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#primaryimage\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/09\\\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp\",\"width\":1250,\"height\":1200,\"caption\":\"Charming Kitten Cyber Attacks\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Charming Kitten Made a Comeback Using WhatsApp and LinkedIn\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"name\":\"Threatcop\",\"description\":\"Cybersecurity Blogs, News, Updates, and Articles\",\"publisher\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#organization\",\"name\":\"Threatcop\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/threatcop-logo-black-1.png\",\"width\":432,\"height\":102,\"caption\":\"Threatcop\"},\"image\":{\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/people\\\/Threatcop\\\/100083109892339\\\/\",\"https:\\\/\\\/x.com\\\/threatcop\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/threatcop\\\/\",\"https:\\\/\\\/www.instagram.com\\\/threatcop_official\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/#\\\/schema\\\/person\\\/e4db27ffd37219d73fc6b40cc9d45cfa\",\"name\":\"Threatcop\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"url\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"contentUrl\":\"https:\\\/\\\/threatcop.com\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/10\\\/avatar_user_1_1696398433.jpeg\",\"caption\":\"Threatcop\"},\"sameAs\":[\"https:\\\/\\\/threatcop.com\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Charming Kitten Resurfaces on WhatsApp and LinkedIn","description":"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/","og_locale":"en_US","og_type":"article","og_title":"Charming Kitten Resurfaces on WhatsApp and LinkedIn","og_description":"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.","og_url":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/","og_site_name":"Threatcop","article_publisher":"https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","article_published_time":"2020-09-04T17:32:59+00:00","article_modified_time":"2024-08-14T10:00:45+00:00","og_image":[{"width":1250,"height":1200,"url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp","type":"image\/webp"}],"author":"Threatcop","twitter_card":"summary_large_image","twitter_creator":"@threatcop","twitter_site":"@threatcop","twitter_misc":{"Written by":"Threatcop","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#article","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/"},"author":{"name":"Threatcop","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa"},"headline":"Charming Kitten Made a Comeback Using WhatsApp and LinkedIn","datePublished":"2020-09-04T17:32:59+00:00","dateModified":"2024-08-14T10:00:45+00:00","mainEntityOfPage":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/"},"wordCount":836,"commentCount":0,"publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"image":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp","articleSection":["Cyber Attacks"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/","url":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/","name":"Charming Kitten Resurfaces on WhatsApp and LinkedIn","isPartOf":{"@id":"https:\/\/threatcop.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#primaryimage"},"image":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#primaryimage"},"thumbnailUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp","datePublished":"2020-09-04T17:32:59+00:00","dateModified":"2024-08-14T10:00:45+00:00","description":"The infamous Charming Kitten, an Iran-linked APT, is back with more sophisticated phishing attacks via LinkedIn and WhatsApp.","breadcrumb":{"@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#primaryimage","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2020\/09\/Charming-Kitten-uses-WhatsApp-and-LinkedIn-for-Comeback.webp","width":1250,"height":1200,"caption":"Charming Kitten Cyber Attacks"},{"@type":"BreadcrumbList","@id":"https:\/\/threatcop.com\/blog\/charming-kitten-uses-whatsapp-and-linkedin-to-make-a-comeback\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/threatcop.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Charming Kitten Made a Comeback Using WhatsApp and LinkedIn"}]},{"@type":"WebSite","@id":"https:\/\/threatcop.com\/blog\/#website","url":"https:\/\/threatcop.com\/blog\/","name":"Threatcop","description":"Cybersecurity Blogs, News, Updates, and Articles","publisher":{"@id":"https:\/\/threatcop.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/threatcop.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/threatcop.com\/blog\/#organization","name":"Threatcop","url":"https:\/\/threatcop.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2026\/06\/threatcop-logo-black-1.png","width":432,"height":102,"caption":"Threatcop"},"image":{"@id":"https:\/\/threatcop.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Threatcop\/100083109892339\/","https:\/\/x.com\/threatcop","https:\/\/www.linkedin.com\/company\/threatcop\/","https:\/\/www.instagram.com\/threatcop_official\/"]},{"@type":"Person","@id":"https:\/\/threatcop.com\/blog\/#\/schema\/person\/e4db27ffd37219d73fc6b40cc9d45cfa","name":"Threatcop","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","url":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","contentUrl":"https:\/\/threatcop.com\/blog\/wp-content\/uploads\/2023\/10\/avatar_user_1_1696398433.jpeg","caption":"Threatcop"},"sameAs":["https:\/\/threatcop.com"]}]}},"_links":{"self":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/657","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/comments?post=657"}],"version-history":[{"count":10,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions"}],"predecessor-version":[{"id":11811,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/posts\/657\/revisions\/11811"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media\/7461"}],"wp:attachment":[{"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/media?parent=657"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/categories?post=657"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/threatcop.com\/blog\/wp-json\/wp\/v2\/tags?post=657"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}