In 2018, Amanda King was a Senior Director of Breakthrough Technology and Innovation at a major aerospace and defense company. She was doing industry interviews, enjoying media training, and working on some of the most interesting projects of her career.
Then the Associated Press started calling.
Amanda punted the reporter to her company’s media relations team three times, assuming they wanted her for an interview. When her media relations leader finally called her back, the message was different than expected: “Are you sitting down? There is an Iranian cyber terrorist group that is targeting you.”
Amanda was one of 77 people on a target list maintained by Charming Kitten, an Iranian APT group affiliated with the Islamic Revolutionary Guard Corps (IRGC). The list had been extracted by a UK-based white hat hacker group that breached Charming Kitten’s own infrastructure and turned the information over to the AP.
Who Was on the List
The other 76 names included major political figures and people with significant nuclear backgrounds. Amanda’s title, which suggested access to breakthrough defense technology, was apparently interesting enough to earn a spot alongside them.
What They Got
Charming Kitten compromised Amanda’s personal accounts. Her corporate systems, protected by the kind of security infrastructure typical of aerospace and defense companies, held. But her personal email, containing bank information, tax documents, and her children’s information, was exposed.
The distinction matters. Most cybersecurity professionals focus their energy on corporate defenses. Personal accounts, the Gmails and Yahoos where real life happens, often get far less attention. That gap is exactly where nation-state actors operate.
The Government Gets Involved
Shortly after learning about the targeting, Amanda received a call from a US government agency. They knew what had happened and wanted access to her personal accounts to investigate.
Her husband, a Marine with 30 years of service, was deployed in Iraq at the time. Her children were in Arizona while she was in Washington, DC. The combination of a nation-state threat and family vulnerability hit differently than any corporate security incident.
How Her Company Responded
Amanda’s employer handled the situation well, she said. Both the company and the government agency were involved in every discussion. The fact that no corporate data had been breached validated the company’s security investments and gave leadership confidence to continue funding those programs.
But Amanda noted that other companies might have reacted differently. Some might have turned an external threat into an employee’s fault, making a difficult situation worse.
What She Changed
Amanda took several practical steps after the incident:
- Shut down old email accounts she hadn’t used in years, reducing her attack surface
- Brought in a network security specialist to secure her home network
- Installed security software on every device in the house
- Locked down parental controls on her children’s gaming systems
- Stopped sending anything work-related over personal email channels
None of these measures are extraordinary. That’s the point. Amanda described herself as a “digital hoarder” who had old accounts and data sitting around for years with no purpose other than being available to anyone who got in.
Why This Matters Now
Charming Kitten is not a relic of 2018. The group, also tracked as APT42 and Mint Sandstorm, is one of the IRGC-affiliated APT groups currently conducting operations against Americans during the ongoing US-Iran conflict. On March 11, 2026, an Iran-linked group conducted a destructive wiper attack against Stryker Corporation, wiping over 200,000 systems across 79 countries. MuddyWater, another Iranian APT, has been found pre-positioned inside a US bank, a US airport, and a defense software company.
Amanda’s experience, being targeted based on a job title that sounded interesting to a foreign intelligence service, could happen to more Americans in the current threat environment. The targeting criteria haven’t changed.
Listen to the Full Episode
Amanda tells the complete story on Episode 73 of the Security Cocktail Hour, including her perspective on resilience (she’s also a cancer survivor) and a practical framework for processing difficult experiences.
Want cybersecurity conversations like this in your inbox? Subscribe to our newsletter for episode alerts and security insights.