PDF When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers' mistakes instead? In their investigation of a group tracked as ITG18, otherwise known as Charming Kitten and Phosphorous, a team of IBM X-Force security researchers investigated attackers' operational security errors to reveal the inner details of how the group functions and launches attacks. ITG18, associated with Iranian government operations, has a history of targeting high-profile victims, journalists, nuclear scientists, and people involved with COVID-19 vaccine development. In late 2019, it was linked to an attack targeting