Ep. 47 - APT42 & Iran's AI Social Engineering: Deepfakes, Phishing & Hack-and-Leak

Iran’s APT42 — also known as Charming Kitten or Mint Sandstorm — is redefining social engineering with generative AI, deepfake voice cloning, and long-term phishing campaigns.

In this episode of the Cyber Resilience Brief, we break down how Iranian state-sponsored threat actors are using AI-powered phishing, MFA fatigue attacks, credential harvesting, and hack-and-leak operations to target journalists, political campaigns, academics, and enterprise executives.

You’ll learn:

• How APT42 builds months-long AI-generated relationships before deploying malware
• How deepfake voice notes are being used to bypass verification
• How compromised email accounts fuel election interference and information warfare
• Why MFA fatigue and session token abuse remain critical enterprise risks
• How adversarial exposure validation (AEV) and continuous automated red teaming help security teams detect post-phishing lateral movement

As AI becomes agentic and scalable, social engineering attacks are evolving from mass phishing to precision psychological operations.

This isn’t just cyber espionage. It’s AI-driven influence warfare.

Stay safe. Stay resilient.