The group also compromised a website belonging to the SOAS in London/courtesy BBC

1. An Iranian group which propounded to be a British-based academic to target persons in a cyber-espionage task has been surfaced.

2. The group is also supported by a real website relating to the School of Oriental and African Studies (SOAS) University of London to steal valuable information.

3. That the modus operandi was unearthed by a cybersecurity company named Proofpoint.

4. The attackers sometimes nicknamed as "Charming kitten" willing to engage in real-time communications with their end-users, who are generally the US and UK nationals because they anticipate that they might have information on the foreign policy of countries towards Iran, negotiations over Iran's nuclear program or information concerning Iranian's dissidents.

5. The emails sent from Gmail address had not been sent by the real academic, but by a cyber-espionage group likely to be associated with the Iranian Revolutionary Guards.

6. Once a conversation was established, the target was sent a "registration link" hosted by a real website which had already been compromised by the attackers. It belonged to SOAS radio, an independent online radio station and production company based at SOAS.

7. Though stealing credentials by offering log in using email providers is not new but the use of a real website marked a change.

8. While the SOAS has denied that any personal information has been leaked and said its data systems were not affected.

9. The cyber–security company has cautioned academics, journalists and think-tank scholars to engage in conversation, first to identify and verify the callers offering or lured them any opportunities irrespective of virtual mode.

The compromised website invited people to register as a way of capturing their passwords and user names/BBC