An Iran-linked hacking group named Charming Kitten reportedly tried to break into the private emails of more than a dozen U.S. officials and nuclear scientists during the last month in retaliation for the Trump administration’s decision to re-impose sanctions on the Islamic Republic.

Aside from government officials, the hackers went after defenders, detractors and enforcers of the Iran nuke deal and also targeted Arab atomic scientists, Iranian civil society figures and D.C. think tank employees, The Associated Press reported Thursday.

“Presumably, some of this is about figuring out what is going on with sanctions,” Frederick Kagan, an American Enterprise Institute scholar who was targeted in the hacking, told The Associated Press.

The list surfaced after Charming Kitten left one of its servers open on the Internet last month. Certfa, a London-based cybersecurity group, found the server and extracted a list of 77 email addresses on the hackers' wish list before handing it over to The Associated Press.

Certfa tied the hackers to the Iranian government after a blunder revealed they were operating from computers inside the country. The group’s assessment was backed by others who have tracked the group in the past. The Associated Press reported data suggests Charming Kitten works closely with the Iranian government.


Among the U.S. targets were Andrew J. Grotto, who worked on the U.S. National Security Council between the Obama and Trump administrations, and Jarrett Blanc, a State Department coordinator responsible for the implementation of the nuclear deal under Obama.

Certfa researchers Nariman Gharib, left, and Amin Sabeti look at a computer at a cafe in London on Friday, Dec. 7, 2018.

Certfa researchers Nariman Gharib, left, and Amin Sabeti look at a computer at a cafe in London on Friday, Dec. 7, 2018. (AP Photo/Raphael Satter)

“I've retained contact with Iranian counterparts since leaving government,” Blanc told The Associated Press. “I'd be very surprised if there were not Iranian groups trying to hack into my various email accounts.”


At least 13 U.S. Treasury officials were also targeted, including a director at the Financial Crimes Enforcement Network and the Iran licensing chief at the Office of Foreign Asset Control, which is in charge of enforcing U.S. sanctions.

Certfa described the attacks as not particularly sophisticated, as Charming Kitten hackers primarily relied on phishing.

The Associated Press contributed to this report.